USRE44746E1 - System and method for handling data transfers - Google Patents

System and method for handling data transfers Download PDF

Info

Publication number
USRE44746E1
USRE44746E1 US13/490,956 US201213490956A USRE44746E US RE44746 E1 USRE44746 E1 US RE44746E1 US 201213490956 A US201213490956 A US 201213490956A US RE44746 E USRE44746 E US RE44746E
Authority
US
United States
Prior art keywords
application
data
request
security
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US13/490,956
Inventor
Neil Patrick Adams
Herbert Anthony Little
Michael Grant Kirkup
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BlackBerry Ltd
Original Assignee
BlackBerry Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=35242007&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=USRE44746(E1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by BlackBerry Ltd filed Critical BlackBerry Ltd
Priority to US13/490,956 priority Critical patent/USRE44746E1/en
Priority to US14/163,416 priority patent/USRE46083E1/en
Application granted granted Critical
Publication of USRE44746E1 publication Critical patent/USRE44746E1/en
Assigned to BLACKBERRY LIMITED reassignment BLACKBERRY LIMITED CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: RESEARCH IN MOTION LIMITED
Priority to US15/177,759 priority patent/USRE48679E1/en
Priority to US17/376,006 priority patent/USRE49721E1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04Real-time or near real-time messaging, e.g. instant messaging [IM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/214Monitoring or handling of messages using selective forwarding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/20Automatic or semi-automatic exchanges with means for interrupting existing connections; with means for breaking-in on conversations
    • H04M3/205Eavesdropping prevention - indication of insecurity of line or network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M7/00Arrangements for interconnection between switching centres
    • H04M7/006Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
    • H04M7/0078Security; Fraud detection; Fraud prevention
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/37Managing security policies for mobile devices or for controlling mobile applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/58Message adaptation for wireless communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/609Secret communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent

Definitions

  • This document relates generally to the field of communications, and in particular to handling data transfers that involve mobile wireless communications devices.
  • Some companies or governments have different types of networks based on different levels of security. Some of the networks are more secure than others and provide additional levels of security, as well as different procedures for using that network. It is a security concern for data to move between the networks, specifically from a more secure network to a weaker network. An additional problem is how to prevent a malicious application from siphoning data from inside a corporation's firewall to outside the firewall.
  • the government may have a secret network and a non-secret network.
  • the workstations on the secret network may not even be connected to the non-secret network to explicitly prevent data siphoning.
  • the government would have to deploy two separate PDAs to each employee that uses both of the networks. This is a costly approach.
  • an organization may wish to deploy handhelds to employees, which connect to their corporate network as well as their personal (home) email accounts. It would be detrimental for an employee to siphon data between their corporate secure network to their personal accounts.
  • FIG. 1 is an overview of an example communication system in which a wireless communication device may be used.
  • FIG. 2 is a block diagram of a further example communication system including multiple networks and multiple mobile communication devices.
  • FIGS. 3 and 4 are block diagrams depicting management of data transfers between a secure location and a less secure location.
  • FIG. 5 is a block diagram depicting an IT administrator providing data transfer settings to a mobile device.
  • FIGS. 6 and 7 are flowcharts depicting a data transfer operational scenario.
  • FIG. 8 is a block diagram depicting a data transfer prevention feature wherein data forwarding between service books is prevented.
  • FIG. 9 is a block diagram depicting a data transfer prevention feature wherein cut/copy/paste operations are disabled for applications on a mobile device.
  • FIG. 10 is a block diagram depicting a data transfer prevention feature wherein Inter-Process Communication (IPC) are disabled between applications operating on a mobile device.
  • IPC Inter-Process Communication
  • FIG. 11 is a block diagram of an example mobile device.
  • FIG. 1 is an overview of an example communication system in which a wireless communication device may be used.
  • a wireless communication device may be used.
  • FIG. 1 helps demonstrate the operation of the encoded message processing systems and methods described in the present application.
  • the simple system shown in FIG. 1 is for illustrative purposes only, and shows perhaps the most prevalent Internet e-mail environment where security is not generally used.
  • FIG. 1 shows an e-mail sender 10 , the Internet 20 , a message server system 40 , a wireless gateway 85 , wireless infrastructure 90 , a wireless network 105 and a mobile communication device 100 .
  • An e-mail sender system 10 may, for example, be connected to an ISP (Internet Service Provider) on which a user of the system 10 has an account, located within a company, possibly connected to a local area network (LAN), and connected to the Internet 20 , or connected to the Internet 20 through a large ASP (application service provider) such as America Online (AOL).
  • ISP Internet Service Provider
  • LAN local area network
  • ASP application service provider
  • FIG. 1 may instead be connected to a wide area network (WAN) other than the Internet, although e-mail transfers are commonly accomplished through Internet-connected arrangements as shown in FIG. 1 .
  • the message server 40 may be implemented, for example, on a network computer within the firewall of a corporation, a computer within an ISP or ASP system or the like, and acts as the main interface for e-mail exchange over the Internet 20 .
  • a mobile device 100 configured for receiving and possibly sending e-mail will normally be associated with an account on a message server.
  • the two most common message servers are Microsoft ExchangeTM and Lotus DominoTM. These products are often used in conjunction with Internet mail routers that route and deliver mail. These intermediate components are not shown in FIG. 1 , as they do not directly play a role in the secure message processing described below.
  • Message servers such as server 40 typically extend beyond just e-mail sending and receiving; they also include dynamic database storage engines that have predefined database formats for data like calendars, to-do lists, task lists, e-mail and documentation.
  • the wireless gateway 85 and infrastructure 90 provide a link between the Internet 20 and wireless network 105 .
  • the wireless infrastructure 90 determines the most likely network for locating a given user and tracks the user as they roam between countries or networks.
  • a message is then delivered to the mobile device 100 via wireless transmission, typically at a radio frequency (RF), from a base station in the wireless network 105 to the mobile device 100 .
  • RF radio frequency
  • the particular network 105 may be virtually any wireless network over which messages may be exchanged with a mobile communication device.
  • a composed e-mail message 15 is sent by the e-mail sender 10 , located somewhere on the Internet 20 .
  • This message 15 is normally fully in the clear and uses traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and Multipurpose Internet Mail Extension (MIME) body parts to define the format of the mail message. These techniques are all well known to those skilled in the art.
  • the message 15 arrives at the message server 40 and is normally stored in a message store.
  • Most known messaging systems support a so-called “pull” message access scheme, wherein the mobile device 100 must request that stored messages be forwarded by the message server to the mobile device 100 .
  • Some systems provide for automatic routing of such messages which are addressed using a specific e-mail address associated with the mobile device 100 .
  • messages addressed to a message server account associated with a host system such as a home computer or office computer which belongs to the user of a mobile device 100 are redirected from the message server 40 to the mobile device 100 as they are received.
  • the wireless gateway 85 Regardless of the specific mechanism controlling the forwarding of messages to the mobile device 100 , the message 15 , or possibly a translated or reformatted version thereof, is sent to the wireless gateway 85 .
  • the wireless infrastructure 90 includes a series of connections to wireless network 105 . These connections could be Integrated Services Digital Network (ISDN), Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet.
  • ISDN Integrated Services Digital Network
  • Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet.
  • the term “wireless network” is intended to include three different types of networks, those being (1) data-centric wireless networks, (2) voice-centric wireless networks and (3) dual-mode networks that can support both voice and data communications over the same physical base stations.
  • Combined dual-mode networks include, but are not limited to, (1) Code Division Multiple Access (CDMA) networks, (2) the Groupe Special Mobile or the Global System for Mobile Communications (GSM) and the General Packet Radio Service (GPRS) networks, and (3) future third-generation (3G) networks like Enhanced Data-rates for Global Evolution (EDGE) and Universal Mobile Telecommunications Systems (UMTS).
  • CDMA Code Division Multiple Access
  • GSM Global System for Mobile Communications
  • GPRS General Packet Radio Service
  • 3G networks like Enhanced Data-rates for Global Evolution (EDGE) and Universal Mobile Telecommunications Systems (UMTS).
  • Some older examples of data-centric network include the MobitexTM Radio Network and the DataTACTM Radio Network.
  • Examples of older voice-centric data networks include Personal Communication Systems (PCS) networks like GSM, and TDMA systems.
  • PCS Personal Communication Systems
  • FIG. 2 is a block diagram of a further example communication system including multiple networks and multiple mobile communication devices.
  • the system of FIG. 2 is substantially similar to the FIG. 1 system, but includes a host system 30 , a redirection program 45 , a mobile device cradle 65 , a wireless virtual private network (VPN) router 75 , an additional wireless network 110 and multiple mobile communication devices 100 .
  • FIG. 2 represents an overview of a sample network topology. Although the encoded message processing systems and methods described herein may be applied to networks having many different topologies, the network of FIG. 2 is useful in understanding an automatic e-mail redirection system mentioned briefly above.
  • the central host system 30 will typically be a corporate office or other LAN, but may instead be a home office computer or some other private system where mail messages are being exchanged.
  • the message server 40 running on some computer within the firewall of the host system, that acts as the main interface for the host system to exchange e-mail with the Internet 20 .
  • the redirection program 45 enables redirection of data items from the server 40 to a mobile communication device 100 .
  • the redirection program 45 is shown to reside on the same machine as the message server 40 for ease of presentation, there is no requirement that it must reside on the message server.
  • the redirection program 45 and the message server 40 are designed to co-operate and interact to allow the pushing of information to mobile devices 100 .
  • the redirection program 45 takes confidential and non-confidential corporate information for a specific user and redirects it out through the corporate firewall to mobile devices 100 .
  • a more detailed description of the redirection software 45 may be found in the commonly assigned U.S. Pat. No. 6,219,694 (“the '694 patent”), entitled “System and Method for Pushing Information From A Host System To A Mobile Data Communication Device Having A Shared Electronic Address”, and issued to the assignee of the instant application on Apr. 17, 2001 which is hereby incorporated into the present application by reference.
  • This push technique may use a wireless friendly encoding, compression and encryption technique to deliver all information to a mobile device, thus effectively extending the security firewall to include each mobile device 100 associated with the host system 30 .
  • FIG. 2 there may be many alternative paths for getting information to the mobile device 100 .
  • One method for loading information onto the mobile device 100 is through a port designated 50 , using a device cradle 65 . This method tends to be useful for bulk information updates often performed at initialization of a mobile device 100 with the host system 30 or a computer 35 within the system 30 .
  • the other main method for data exchange is over-the-air using wireless networks to deliver the information. As shown in FIG. 2 , this may be accomplished through a wireless VPN router 75 or through a traditional Internet connection 95 to a wireless gateway 85 and a wireless infrastructure 90 , as described above.
  • the concept of a wireless VPN router 75 is new in the wireless industry and implies that a VPN connection could be established directly through a specific wireless network 110 to a mobile device 100 .
  • the possibility of using a wireless VPN router 75 has only recently been available and could be used when the new Internet Protocol (IP) Version 6 (IPV6) arrives into IP-based wireless networks.
  • IP Internet Protocol
  • IPV6 Internet Protocol Version 6
  • This new protocol will provide enough IP addresses to dedicate an IP address to every mobile device 100 and thus make it possible to push information to a mobile device 100 at any time.
  • a principal advantage of using this wireless VPN router 75 is that it could be an off-the-shelf VPN component, thus it would not require a separate wireless gateway 85 and wireless infrastructure 90 to be used.
  • a VPN connection would preferably be a Transmission Control Protocol (TCP)/IP or User Datagram Protocol (UDP)/IP connection to deliver the messages directly to the mobile device 100 . If a wireless VPN 75 is not available then a link 95 to the Internet 20 is the most common connection mechanism available and has been described above.
  • TCP Transmission Control Protocol
  • UDP User Datagram Protocol
  • a composed e-mail message 15 leaving the e-mail sender 10 arrives at the message server 40 and is redirected by the redirection program 45 to the mobile device 100 .
  • the message 15 is re-enveloped, as indicated at 80 , and a possibly proprietary compression and encryption algorithm can then be applied to the original message 15 .
  • a possibly proprietary compression and encryption algorithm can then be applied to the original message 15 .
  • messages being read on the mobile device 100 are no less secure than if they were read on a desktop workstation such as 35 within the firewall. All messages exchanged between the redirection program 45 and the mobile device 100 preferably use this message repackaging technique.
  • Another goal of this outer envelope is to maintain the addressing information of the original message except the sender's and the receiver's address. This allows reply messages to reach the appropriate destination, and also allows the “from” field to reflect the mobile user's desktop address. Using the user's e-mail address from the mobile device 100 allows the received message to appear as though the message originated from the user's desktop system 35 rather than the mobile device 100 .
  • this connection path offers many advantages for enabling one-time data exchange of large items.
  • PIM Personal Information Management
  • This serial link may also be used for other purposes, including setting up a private security key 111 such as an S/MIME or PGP specific private key, the Certificate (Cert) of the user and their Certificate Revocation Lists (CRLs) 60 .
  • the private key is preferably exchanged so that the desktop 35 and mobile device 100 share one personality and one method for accessing all mail.
  • the Cert and CRLs are normally exchanged over such a link because they represent a large amount of the data that is required by the device for S/MIME, PGP and other public key security methods.
  • FIG. 3 depicts a system wherein data transfers 230 between a secure location 220 and a less secure location 240 is managed on a mobile device 100 by a data transfer checker 202 .
  • a data transfer checker 202 can be implemented on a mobile device 100 as a software routine or in hardware or firmware.
  • FIG. 4 provides several examples of locations 220 and 240 .
  • location 220 may be a top-secret or secure network and location 240 may be an unrestricted network.
  • location 220 may be a first application that has received sensitive or confidential information.
  • An attempt to transfer data from the first application to a second application may be prevented by the data transfer checker 202 because if the data transfer is successful to the second application, then the second application might be used to disseminate the sensitive data to an unsecured location.
  • FIG. 5 depicts an IT (information technology) administrator 250 (or its agent) providing data transfer criterion or settings 252 to a mobile device 100 .
  • the settings 252 can indicate what data transfers 230 are permitted and which ones are not permitted.
  • the settings 252 can be stored in a data store 204 located on the mobile device 100 for access by a data transfer checker 202 .
  • the IT administrator 250 can specify data transfer settings 252 to one or more devices.
  • the settings 252 may be provided to the mobile device 100 over a network (or other data connection mechanism) in order to update the data store 204 on the mobile device 100 .
  • the mobile device 100 can be pre-programmed with the settings and can be updated by the IT administrator 250 or can have the initial settings provided by the IT administrator 250 .
  • This provides, among other things, companies with the capability to customize data transfer settings to suit their needs. Also, an IT administrator 250 can provide the same settings to all mobile devices of the company, thereby ensuring that company mobile devices adhere to a consistent IT policy.
  • An IT policy can be enforced upon mobile devices in many ways, such as through the approaches described in the following commonly assigned United States patent application which is hereby incorporated by reference: “System And Method Of Owner Control Of Electronic Devices” (Ser. No. 10/732,132 filed on Dec. 10, 2003).
  • This document illustrates how a user of the mobile device can be prevented from altering or erasing owner control information (e.g., data transfer settings 252 ) specified by an IT administrator 250 .
  • FIGS. 6 and 7 illustrate a data transfer operational scenario 300 .
  • data transfer settings can be provided to one or more mobile devices by IT administration personnel.
  • a company's IT policy can specify that many different data transfer-related features can be enabled/disabled.
  • the data transfer settings can enable/disable such security-related aspects associated with data transfers as the following:
  • Step 306 there is an attempt in this operational scenario to transfer data from a first location to a second location.
  • Step 310 retrieves the data transfer settings, and decision step 312 examines whether the data transfer should occur in view of the data transfer settings. If the data transfer should occur as determined by decision step 312 , then the data transfer occurs between the first location and the second location, and processing for this operational scenario terminates at end block 320 .
  • decision step 312 determines that the data transfer should not be allowed in view of the settings
  • decision step 316 determines whether the user should be notified that the data transfer is not permitted. If the user is not to be notified (e.g., because the settings do not allow a feedback message), then processing for this operational scenario terminates at end block 320 . However, if the user is to be notified as determined by decision block 316 , then an indication is provided at step 318 to the user that the data transfer is being prevented. Processing for this operational scenario terminates at end block 320 .
  • FIG. 8 illustrates a data transfer prevention feature mentioned above wherein data transfer 410 between services ( 400 , 420 ) is prevented.
  • Exemplary services comprise a company email service, a user's personal e-mail service, and an instant messaging service.
  • This data transfer prevention feature allows the company to disable improper forwarding/replying between services. For example, if a user receives an email message via a first service 400 , the user is unable to forward it to another email account via a second service 420 (such as a personal e-mail account of the user).
  • messages 440 that arrive via a source e-mail server 430 must be replied to or forwarded back through the same source e-mail server 430 from which the message 440 arrived.
  • FIG. 9 illustrates a data transfer prevention feature mentioned above wherein cut/copy/paste operations 510 are disabled for all or designated applications on the handheld mobile device 100 .
  • cut/copy/paste operations 510 are disabled for all or designated applications on the handheld mobile device 100 .
  • a determined user may copy messages from one application 500 , compose a new message in a different application 520 and send it through the different application 520 .
  • Disabling cut/copy/paste operations makes this much more difficult for the user to siphon data because they would be forced to retype the entire message or data.
  • FIG. 10 illustrates a data transfer prevention feature mentioned above wherein Inter-Process Communication (IPC) 710 can be disabled between applications ( 700 , 720 ) that operate on a mobile device 100 .
  • IPC Inter-Process Communication
  • an application may initiate one or more processes in order to accomplish certain tasks on the handheld mobile device 100 .
  • This data transfer prevention feature would prevent two malicious applications ( 700 , 720 ) working together to siphon data.
  • one application 700 could open up a connection inside the firewall, and another application 720 could open a connection outside the firewall.
  • IPC 710 they could transfer data between the two applications ( 700 , 720 ) and effectively siphon data. Disabling IPC between the applications ( 700 , 720 ) prevents this type of attack from occurring.
  • the data transfer prevention provided by a data transfer checker 202 would inadvertently prohibit IPC between an e-mail program and an address book that are operating on the mobile device 100 .
  • a company can additionally choose which applications are allowed to use IPC, as some applications, such as the e-mail program and the address book, may have a valid use for it.
  • a data transfer checker operating on a mobile device determines whether an attempted data transfer between two locations is permitted. If it is not permitted, then the data transfer is prevented and the user may be notified of the data transfer prevention.
  • a system and method can receive a data transfer request to transfer data from a first location to a second location, wherein the first location is more secure than the second location.
  • Data transfer settings are retrieved from a data store responsive to receiving the data transfer request.
  • the data transfer settings indicate whether a data transfer is to occur based upon a security-related aspect associated with the data transfer.
  • the data transfer settings are used to determine whether to transfer the data from the first location to the second location based upon the data transfer settings.
  • the data is transferred responsive to the determining step.
  • a system and method may be configured to consider one or more different data transfer security-related aspects, such as level of security associated with the destination of the data transfer.
  • a security related aspect can include the type of communication operation to be performed between the first location and the second location such as the type of communication to occur.
  • the type of data transfer operation could include data forwarding between service books, opening an internal and an external connection, an Inter-Process Communication (IPC) between applications, and/or a cut-copy-paste type operation between applications.
  • IPC Inter-Process Communication
  • the systems and methods disclosed herein may be used with many different computers and devices, such as a wireless mobile communications device shown in FIG. 11 .
  • the mobile device 100 is a dual-mode mobile device and includes a transceiver 811 , a microprocessor 838 , a display 822 , non-volatile memory 824 , random access memory (RAM) 826 , one or more auxiliary input/output (I/O) devices 828 , a serial port 830 , a keyboard 832 , a speaker 834 , a microphone 836 , a short-range wireless communications sub-system 840 , and other device sub-systems 842 .
  • the transceiver 811 includes a receiver 812 , a transmitter 814 , antennas 816 and 818 , one or more local oscillators 813 , and a digital signal processor (DSP) 820 .
  • the antennas 816 and 818 may be antenna elements of a multiple-element antenna, and are preferably embedded antennas. However, the systems and methods described herein are in no way restricted to a particular type of antenna, or even to wireless communication devices.
  • the mobile device 100 is preferably a two-way communication device having voice and data communication capabilities.
  • the mobile device 100 may communicate over a voice network, such as any of the analog or digital cellular networks, and may also communicate over a data network.
  • the voice and data networks are depicted in FIG. 11 by the communication tower 819 . These voice and data networks may be separate communication networks using separate infrastructure, such as base stations, network controllers, etc., or they may be integrated into a single wireless network.
  • the transceiver 811 is used to communicate with the network 819 , and includes the receiver 812 , the transmitter 814 , the one or more local oscillators 813 and the DSP 820 .
  • the DSP 820 is used to send and receive signals to and from the transceivers 816 and 818 , and also provides control information to the receiver 812 and the transmitter 814 . If the voice and data communications occur at a single frequency, or closely-spaced sets of frequencies, then a single local oscillator 813 may be used in conjunction with the receiver 812 and the transmitter 814 .
  • a plurality of local oscillators 813 can be used to generate a plurality of frequencies corresponding to the voice and data networks 819 .
  • Information which includes both voice and data information, is communicated to and from the transceiver 811 via a link between the DSP 820 and the microprocessor 838 .
  • transceiver 811 The detailed design of the transceiver 811 , such as frequency band, component selection, power level, etc., will be dependent upon the communication network 819 in which the mobile device 100 is intended to operate.
  • a mobile device 100 intended to operate in a North American market may include a transceiver 811 designed to operate with any of a variety of voice communication networks, such as the Mobitex or DataTAC mobile data communication networks, AMPS, TDMA, CDMA, PCS, etc., whereas a mobile device 100 intended for use in Europe may be configured to operate with the GPRS data communication network and the GSM voice communication network.
  • voice communication networks such as the Mobitex or DataTAC mobile data communication networks, AMPS, TDMA, CDMA, PCS, etc.
  • a mobile device 100 intended for use in Europe may be configured to operate with the GPRS data communication network and the GSM voice communication network.
  • Other types of data and voice networks, both separate and integrated, may also be utilized with a mobile device 100 .
  • the access requirements for the mobile device 100 may also vary.
  • mobile devices are registered on the network using a unique identification number associated with each mobile device.
  • network access is associated with a subscriber or user of a mobile device.
  • a GPRS device typically requires a subscriber identity module (“SIM”), which is required in order to operate a mobile device on a GPRS network.
  • SIM subscriber identity module
  • Local or non-network communication functions may be operable, without the SIM device, but a mobile device will be unable to carry out any functions involving communications over the data network 819 , other than any legally required operations, such as ‘911’ emergency calling.
  • the mobile device 100 may the send and receive communication signals, including both voice and data signals, over the networks 819 .
  • Signals received by the antenna 816 from the communication network 819 are routed to the receiver 812 , which provides for signal amplification, frequency down conversion, filtering, channel selection, etc., and may also provide analog to digital conversion. Analog to digital conversion of the received signal allows more complex communication functions, such as digital demodulation and decoding to be performed using the DSP 820 .
  • signals to be transmitted to the network 819 are processed, including modulation and encoding, for example, by the DSP 820 and are then provided to the transmitter 814 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission to the communication network 819 via the antenna 818 .
  • the DSP 820 also provides for transceiver control.
  • the gain levels applied to communication signals in the receiver 812 and the transmitter 814 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 820 .
  • Other transceiver control algorithms could also be implemented in the DSP 820 in order to provide more sophisticated control of the transceiver 811 .
  • the microprocessor 838 preferably manages and controls the overall operation of the mobile device 100 .
  • Many types of microprocessors or microcontrollers could be used here, or, alternatively, a single DSP 820 could be used to carry out the functions of the microprocessor 838 .
  • Low-level communication functions including at least data and voice communications, are performed through the DSP 820 in the transceiver 811 .
  • Other, high-level communication applications such as a voice communication application 824 A, and a data communication application 824 B may be stored in the non-volatile memory 824 for execution by the microprocessor 838 .
  • the voice communication module 824 A may provide a high-level user interface operable to transmit and receive voice calls between the mobile device 100 and a plurality of other voice or dual-mode devices via the network 819 .
  • the data communication module 824 B may provide a high-level user interface operable for sending and receiving data, such as e-mail messages, files, organizer information, short text messages, etc., between the mobile device 100 and a plurality of other data devices via the networks 819 .
  • the microprocessor 838 also interacts with other device subsystems, such as the display 822 , the RAM 826 , the auxiliary input/output (I/O) subsystems 828 , the serial port 830 , the keyboard 832 , the speaker 834 , the microphone 836 , the short-range communications subsystem 840 and any other device subsystems generally designated as 842 .
  • other device subsystems such as the display 822 , the RAM 826 , the auxiliary input/output (I/O) subsystems 828 , the serial port 830 , the keyboard 832 , the speaker 834 , the microphone 836 , the short-range communications subsystem 840 and any other device subsystems generally designated as 842 .
  • Some of the subsystems shown in FIG. 11 perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions.
  • some subsystems, such as the keyboard 832 and the display 822 may be used for both communication-related functions, such as entering a text message for transmission over a data communication network, and device-resident functions such as a calculator or task list or other PDA type functions.
  • Non-volatile memory 824 Operating system software used by the microprocessor 838 is preferably stored in a persistent store such as non-volatile memory 824 .
  • the non-volatile memory 824 may be implemented, for example, as a Flash memory component, or as battery backed-up RAM.
  • the non-volatile memory 824 includes a plurality of software modules 824 A- 824 N that can be executed by the microprocessor 838 (and/or the DSP 820 ), including a voice communication module 824 A, a data communication module 824 B, and a plurality of other operational modules 824 N for carrying out a plurality of other functions.
  • These modules are executed by the microprocessor 838 and provide a high-level interface between a user and the mobile device 100 .
  • This interface typically includes a graphical component provided through the display 822 , and an input/output component provided through the auxiliary I/O 828 , keyboard 832 , speaker 834 , and microphone 836 .
  • the operating system, specific device applications or modules, or parts thereof, may be temporarily loaded into a volatile store, such as RAM 826 for faster operation.
  • received communication signals may also be temporarily stored to RAM 826 , before permanently writing them to a file system located in a persistent store such as the Flash memory 824 .
  • An exemplary application module 824 N that may be loaded onto the mobile device 100 is a personal information manager (PIM) application providing PDA functionality, such as calendar events, appointments, and task items.
  • PIM personal information manager
  • This module 824 N may also interact with the voice communication module 824 A for managing phone calls, voice mails, etc., and may also interact with the data communication module for managing e-mail communications and other data transmissions.
  • all of the functionality of the voice communication module 824 A and the data communication module 824 B may be integrated into the PIM module.
  • the non-volatile memory 824 preferably also provides a file system to facilitate storage of PIM data items on the device.
  • the PIM application preferably includes the ability to send and receive data items, either by itself, or in conjunction with the voice and data communication modules 824 A, 824 B, via the wireless networks 819 .
  • the PIM data items are preferably seamlessly integrated, synchronized and updated, via the wireless networks 819 , with a corresponding set of data items stored or associated with a host computer system, thereby creating a mirrored system for data items associated with a particular user.
  • Context objects representing at least partially decoded data items, as well as fully decoded data items, are preferably stored on the mobile device 100 in a volatile and non-persistent store such as the RAM 826 .
  • a volatile and non-persistent store such as the RAM 826 .
  • Such information may instead be stored in the non-volatile memory 824 , for example, when storage intervals are relatively short, such that the information is removed from memory soon after it is stored.
  • storage of this information in the RAM 826 or another volatile and non-persistent store is preferred, in order to ensure that the information is erased from memory when the mobile device 100 loses power. This prevents an unauthorized party from obtaining any stored decoded or partially decoded information by removing a memory chip from the mobile device 100 , for example.
  • the mobile device 100 may be manually synchronized with a host system by placing the device 100 in an interface cradle, which couples the serial port 830 of the mobile device 100 to the serial port of a computer system or device.
  • the serial port 830 may also be used to enable a user to set preferences through an external device or software application, or to download other application modules 824 N for installation.
  • This wired download path may be used to load an encryption key onto the device, which is a more secure method than exchanging encryption information via the wireless network 819 .
  • Interfaces for other wired download paths may be provided in the mobile device 100 , in addition to or instead of the serial port 830 .
  • a USB port would provide an interface to a similarly equipped personal computer.
  • Additional application modules 824 N may be loaded onto the mobile device 100 through the networks 819 , through an auxiliary I/O subsystem 828 , through the serial port 830 , through the short-range communications subsystem 840 , or through any other suitable subsystem 842 , and installed by a user in the non-volatile memory 824 or RAM 826 .
  • Such flexibility in application installation increases the functionality of the mobile device 100 and may provide enhanced on-device functions, communication-related functions, or both.
  • secure communication applications may enable electronic commerce functions and other such financial transactions to be performed using the mobile device 100 .
  • a received signal such as a text message or a web page download
  • the transceiver module 811 When the mobile device 100 is operating in a data communication mode, a received signal, such as a text message or a web page download, is processed by the transceiver module 811 and provided to the microprocessor 838 , which preferably further processes the received signal in multiple stages as described above, for eventual output to the display 822 , or, alternatively, to an auxiliary I/O device 828 .
  • a user of mobile device 100 may also compose data items, such as e-mail messages, using the keyboard 832 , which is preferably a complete alphanumeric keyboard laid out in the QWERTY style, although other styles of complete alphanumeric keyboards such as the known DVORAK style may also be used.
  • auxiliary I/O devices 828 may include a thumbwheel input device, a touchpad, a variety of switches, a rocker input switch, etc.
  • the composed data items input by the user may then be transmitted over the communication networks 819 via the transceiver module 811 .
  • the overall operation of the mobile device is substantially similar to the data mode, except that received signals are preferably be output to the speaker 834 and voice signals for transmission are generated by a microphone 836 .
  • Alternative voice or audio I/O subsystems such as a voice message recording subsystem, may also be implemented on the mobile device 100 .
  • voice or audio signal output is preferably accomplished primarily through the speaker 834
  • the display 822 may also be used to provide an indication of the identity of a calling party, the duration of a voice call, or other voice call related information.
  • the microprocessor 838 in conjunction with the voice communication module and the operating system software, may detect the caller identification information of an incoming voice call and display it on the display 822 .
  • a short-range communications subsystem 840 is also included in the mobile device 100 .
  • the subsystem 840 may include an infrared device and associated circuits and components, or a short-range RF communication module such as a BluetoothTM module or an 802.11 module, for example, to provide for communication with similarly-enabled systems and devices.
  • Bluetooth and “802.11” refer to sets of specifications, available from the Institute of Electrical and Electronics Engineers, relating to wireless personal area networks and wireless local area networks, respectively.
  • the systems' and methods' data may be stored in one or more data stores.
  • the data stores can be of many different types of storage devices and programming constructs, such as RAM, ROM, Flash memory, programming data structures, programming variables, etc. It is noted that data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.
  • the systems and methods may be provided on many different types of computer-readable media including computer storage mechanisms (e.g., CD-ROM, diskette, RAM, flash memory, computer's hard drive, etc.) that contain instructions for use in execution by a processor to perform the methods' operations and implement the systems described herein.
  • computer storage mechanisms e.g., CD-ROM, diskette, RAM, flash memory, computer's hard drive, etc.
  • a module or processor includes but is not limited to a unit of code that performs a software operation, and can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code.
  • the software components and/or functionality may be located on a single computing device or distributed across multiple computing devices depending upon the situation at hand.

Abstract

Systems and methods for managing data transfers between a secure location and a less secure location. A data transfer checker operating on a mobile device determines whether an attempted data transfer between two locations is permitted. If it is not permitted, then the data transfer is prevented and the user may be notified of the data transfer prevention.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This application is a continuation of the U.S. patent application Ser. No. 11/118,791, filed Apr. 29, 2005 now U.S. Pat. No. 7,734,284, entitled “SYSTEM AND METHOD FOR HANDLING DATA TRANSFERS.” This application and the '791 application claim priority to and the benefit of commonly assigned U.S. Provisional Application having Ser. No. 60/567,293, filed on Apr. 30, 2004, entitled “SYSTEM AND METHOD FOR HANDLING DATA TRANSFERS.” All of these are hereby incorporated into this application by reference.
BACKGROUND
1. Technical Field
This document relates generally to the field of communications, and in particular to handling data transfers that involve mobile wireless communications devices.
2. Description of the Related Art
Some companies or governments have different types of networks based on different levels of security. Some of the networks are more secure than others and provide additional levels of security, as well as different procedures for using that network. It is a security concern for data to move between the networks, specifically from a more secure network to a weaker network. An additional problem is how to prevent a malicious application from siphoning data from inside a corporation's firewall to outside the firewall.
For example the government may have a secret network and a non-secret network. The workstations on the secret network may not even be connected to the non-secret network to explicitly prevent data siphoning. To prevent data siphoning between these networks for mobile communications, the government would have to deploy two separate PDAs to each employee that uses both of the networks. This is a costly approach.
As another example, an organization may wish to deploy handhelds to employees, which connect to their corporate network as well as their personal (home) email accounts. It would be detrimental for an employee to siphon data between their corporate secure network to their personal accounts.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is an overview of an example communication system in which a wireless communication device may be used.
FIG. 2 is a block diagram of a further example communication system including multiple networks and multiple mobile communication devices.
FIGS. 3 and 4 are block diagrams depicting management of data transfers between a secure location and a less secure location.
FIG. 5 is a block diagram depicting an IT administrator providing data transfer settings to a mobile device.
FIGS. 6 and 7 are flowcharts depicting a data transfer operational scenario.
FIG. 8 is a block diagram depicting a data transfer prevention feature wherein data forwarding between service books is prevented.
FIG. 9 is a block diagram depicting a data transfer prevention feature wherein cut/copy/paste operations are disabled for applications on a mobile device.
FIG. 10 is a block diagram depicting a data transfer prevention feature wherein Inter-Process Communication (IPC) are disabled between applications operating on a mobile device.
FIG. 11 is a block diagram of an example mobile device.
DETAILED DESCRIPTION OF THE DRAWINGS
FIG. 1 is an overview of an example communication system in which a wireless communication device may be used. One skilled in the art will appreciate that there may be many different topologies, but the system shown in FIG. 1 helps demonstrate the operation of the encoded message processing systems and methods described in the present application. There may also be many message senders and recipients. The simple system shown in FIG. 1 is for illustrative purposes only, and shows perhaps the most prevalent Internet e-mail environment where security is not generally used.
FIG. 1 shows an e-mail sender 10, the Internet 20, a message server system 40, a wireless gateway 85, wireless infrastructure 90, a wireless network 105 and a mobile communication device 100.
An e-mail sender system 10 may, for example, be connected to an ISP (Internet Service Provider) on which a user of the system 10 has an account, located within a company, possibly connected to a local area network (LAN), and connected to the Internet 20, or connected to the Internet 20 through a large ASP (application service provider) such as America Online (AOL). Those skilled in the art will appreciate that the systems shown in FIG. 1 may instead be connected to a wide area network (WAN) other than the Internet, although e-mail transfers are commonly accomplished through Internet-connected arrangements as shown in FIG. 1.
The message server 40 may be implemented, for example, on a network computer within the firewall of a corporation, a computer within an ISP or ASP system or the like, and acts as the main interface for e-mail exchange over the Internet 20. Although other messaging systems might not require a message server system 40, a mobile device 100 configured for receiving and possibly sending e-mail will normally be associated with an account on a message server. Perhaps the two most common message servers are Microsoft Exchange™ and Lotus Domino™. These products are often used in conjunction with Internet mail routers that route and deliver mail. These intermediate components are not shown in FIG. 1, as they do not directly play a role in the secure message processing described below. Message servers such as server 40 typically extend beyond just e-mail sending and receiving; they also include dynamic database storage engines that have predefined database formats for data like calendars, to-do lists, task lists, e-mail and documentation.
The wireless gateway 85 and infrastructure 90 provide a link between the Internet 20 and wireless network 105. The wireless infrastructure 90 determines the most likely network for locating a given user and tracks the user as they roam between countries or networks. A message is then delivered to the mobile device 100 via wireless transmission, typically at a radio frequency (RF), from a base station in the wireless network 105 to the mobile device 100. The particular network 105 may be virtually any wireless network over which messages may be exchanged with a mobile communication device.
As shown in FIG. 1, a composed e-mail message 15 is sent by the e-mail sender 10, located somewhere on the Internet 20. This message 15 is normally fully in the clear and uses traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and Multipurpose Internet Mail Extension (MIME) body parts to define the format of the mail message. These techniques are all well known to those skilled in the art. The message 15 arrives at the message server 40 and is normally stored in a message store. Most known messaging systems support a so-called “pull” message access scheme, wherein the mobile device 100 must request that stored messages be forwarded by the message server to the mobile device 100. Some systems provide for automatic routing of such messages which are addressed using a specific e-mail address associated with the mobile device 100. In a preferred embodiment described in further detail below, messages addressed to a message server account associated with a host system such as a home computer or office computer which belongs to the user of a mobile device 100 are redirected from the message server 40 to the mobile device 100 as they are received.
Regardless of the specific mechanism controlling the forwarding of messages to the mobile device 100, the message 15, or possibly a translated or reformatted version thereof, is sent to the wireless gateway 85. The wireless infrastructure 90 includes a series of connections to wireless network 105. These connections could be Integrated Services Digital Network (ISDN), Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet. As used herein, the term “wireless network” is intended to include three different types of networks, those being (1) data-centric wireless networks, (2) voice-centric wireless networks and (3) dual-mode networks that can support both voice and data communications over the same physical base stations. Combined dual-mode networks include, but are not limited to, (1) Code Division Multiple Access (CDMA) networks, (2) the Groupe Special Mobile or the Global System for Mobile Communications (GSM) and the General Packet Radio Service (GPRS) networks, and (3) future third-generation (3G) networks like Enhanced Data-rates for Global Evolution (EDGE) and Universal Mobile Telecommunications Systems (UMTS). Some older examples of data-centric network include the Mobitex™ Radio Network and the DataTAC™ Radio Network. Examples of older voice-centric data networks include Personal Communication Systems (PCS) networks like GSM, and TDMA systems.
FIG. 2 is a block diagram of a further example communication system including multiple networks and multiple mobile communication devices. The system of FIG. 2 is substantially similar to the FIG. 1 system, but includes a host system 30, a redirection program 45, a mobile device cradle 65, a wireless virtual private network (VPN) router 75, an additional wireless network 110 and multiple mobile communication devices 100. As described above in conjunction with FIG. 1, FIG. 2 represents an overview of a sample network topology. Although the encoded message processing systems and methods described herein may be applied to networks having many different topologies, the network of FIG. 2 is useful in understanding an automatic e-mail redirection system mentioned briefly above.
The central host system 30 will typically be a corporate office or other LAN, but may instead be a home office computer or some other private system where mail messages are being exchanged. Within the host system 30 is the message server 40, running on some computer within the firewall of the host system, that acts as the main interface for the host system to exchange e-mail with the Internet 20. In the system of FIG. 2, the redirection program 45 enables redirection of data items from the server 40 to a mobile communication device 100. Although the redirection program 45 is shown to reside on the same machine as the message server 40 for ease of presentation, there is no requirement that it must reside on the message server. The redirection program 45 and the message server 40 are designed to co-operate and interact to allow the pushing of information to mobile devices 100. In this installation, the redirection program 45 takes confidential and non-confidential corporate information for a specific user and redirects it out through the corporate firewall to mobile devices 100. A more detailed description of the redirection software 45 may be found in the commonly assigned U.S. Pat. No. 6,219,694 (“the '694 patent”), entitled “System and Method for Pushing Information From A Host System To A Mobile Data Communication Device Having A Shared Electronic Address”, and issued to the assignee of the instant application on Apr. 17, 2001 which is hereby incorporated into the present application by reference. This push technique may use a wireless friendly encoding, compression and encryption technique to deliver all information to a mobile device, thus effectively extending the security firewall to include each mobile device 100 associated with the host system 30.
As shown in FIG. 2, there may be many alternative paths for getting information to the mobile device 100. One method for loading information onto the mobile device 100 is through a port designated 50, using a device cradle 65. This method tends to be useful for bulk information updates often performed at initialization of a mobile device 100 with the host system 30 or a computer 35 within the system 30. The other main method for data exchange is over-the-air using wireless networks to deliver the information. As shown in FIG. 2, this may be accomplished through a wireless VPN router 75 or through a traditional Internet connection 95 to a wireless gateway 85 and a wireless infrastructure 90, as described above. The concept of a wireless VPN router 75 is new in the wireless industry and implies that a VPN connection could be established directly through a specific wireless network 110 to a mobile device 100. The possibility of using a wireless VPN router 75 has only recently been available and could be used when the new Internet Protocol (IP) Version 6 (IPV6) arrives into IP-based wireless networks. This new protocol will provide enough IP addresses to dedicate an IP address to every mobile device 100 and thus make it possible to push information to a mobile device 100 at any time. A principal advantage of using this wireless VPN router 75 is that it could be an off-the-shelf VPN component, thus it would not require a separate wireless gateway 85 and wireless infrastructure 90 to be used. A VPN connection would preferably be a Transmission Control Protocol (TCP)/IP or User Datagram Protocol (UDP)/IP connection to deliver the messages directly to the mobile device 100. If a wireless VPN 75 is not available then a link 95 to the Internet 20 is the most common connection mechanism available and has been described above.
In the automatic redirection system of FIG. 2, a composed e-mail message 15 leaving the e-mail sender 10 arrives at the message server 40 and is redirected by the redirection program 45 to the mobile device 100. As this redirection takes place the message 15 is re-enveloped, as indicated at 80, and a possibly proprietary compression and encryption algorithm can then be applied to the original message 15. In this way, messages being read on the mobile device 100 are no less secure than if they were read on a desktop workstation such as 35 within the firewall. All messages exchanged between the redirection program 45 and the mobile device 100 preferably use this message repackaging technique. Another goal of this outer envelope is to maintain the addressing information of the original message except the sender's and the receiver's address. This allows reply messages to reach the appropriate destination, and also allows the “from” field to reflect the mobile user's desktop address. Using the user's e-mail address from the mobile device 100 allows the received message to appear as though the message originated from the user's desktop system 35 rather than the mobile device 100.
With reference back to the port 50 and cradle 65 connectivity to the mobile device 100, this connection path offers many advantages for enabling one-time data exchange of large items. For those skilled in the art of personal digital assistants (PDAs) and synchronization, the most common data exchanged over this link is Personal Information Management (PIM) data 55. When exchanged for the first time this data tends to be large in quantity, bulky in nature and requires a large bandwidth to get loaded onto the mobile device 100 where it can be used on the road. This serial link may also be used for other purposes, including setting up a private security key 111 such as an S/MIME or PGP specific private key, the Certificate (Cert) of the user and their Certificate Revocation Lists (CRLs) 60. The private key is preferably exchanged so that the desktop 35 and mobile device 100 share one personality and one method for accessing all mail. The Cert and CRLs are normally exchanged over such a link because they represent a large amount of the data that is required by the device for S/MIME, PGP and other public key security methods.
FIG. 3 depicts a system wherein data transfers 230 between a secure location 220 and a less secure location 240 is managed on a mobile device 100 by a data transfer checker 202. A data transfer checker 202 can be implemented on a mobile device 100 as a software routine or in hardware or firmware. FIG. 4 provides several examples of locations 220 and 240. For example, location 220 may be a top-secret or secure network and location 240 may be an unrestricted network.
As another example, location 220 may be a first application that has received sensitive or confidential information. An attempt to transfer data from the first application to a second application may be prevented by the data transfer checker 202 because if the data transfer is successful to the second application, then the second application might be used to disseminate the sensitive data to an unsecured location.
FIG. 5 depicts an IT (information technology) administrator 250 (or its agent) providing data transfer criterion or settings 252 to a mobile device 100. The settings 252 can indicate what data transfers 230 are permitted and which ones are not permitted. The settings 252 can be stored in a data store 204 located on the mobile device 100 for access by a data transfer checker 202.
The IT administrator 250 can specify data transfer settings 252 to one or more devices. The settings 252 may be provided to the mobile device 100 over a network (or other data connection mechanism) in order to update the data store 204 on the mobile device 100. The mobile device 100 can be pre-programmed with the settings and can be updated by the IT administrator 250 or can have the initial settings provided by the IT administrator 250.
This provides, among other things, companies with the capability to customize data transfer settings to suit their needs. Also, an IT administrator 250 can provide the same settings to all mobile devices of the company, thereby ensuring that company mobile devices adhere to a consistent IT policy.
An IT policy can be enforced upon mobile devices in many ways, such as through the approaches described in the following commonly assigned United States patent application which is hereby incorporated by reference: “System And Method Of Owner Control Of Electronic Devices” (Ser. No. 10/732,132 filed on Dec. 10, 2003). This document illustrates how a user of the mobile device can be prevented from altering or erasing owner control information (e.g., data transfer settings 252) specified by an IT administrator 250.
FIGS. 6 and 7 illustrate a data transfer operational scenario 300. At step 302 in the operational scenario, data transfer settings can be provided to one or more mobile devices by IT administration personnel. A company's IT policy can specify that many different data transfer-related features can be enabled/disabled. As an illustration, the data transfer settings can enable/disable such security-related aspects associated with data transfers as the following:
    • whether data forwarding between service books should be allowed.
    • whether cut/copy/paste operations between applications should be allowed.
    • whether applications should be prevented from opening an internal and an external connection.
    • whether IPC (interprocess communication) should be allowed between applications.
      Using one or more of these features, the company can help ensure that their private data is kept secure. The data transfer settings are stored at step 304 in one or more data stores that are located on the mobile device.
At step 306, there is an attempt in this operational scenario to transfer data from a first location to a second location. Step 310 retrieves the data transfer settings, and decision step 312 examines whether the data transfer should occur in view of the data transfer settings. If the data transfer should occur as determined by decision step 312, then the data transfer occurs between the first location and the second location, and processing for this operational scenario terminates at end block 320.
However, if decision step 312 determines that the data transfer should not be allowed in view of the settings, then decision step 316 determines whether the user should be notified that the data transfer is not permitted. If the user is not to be notified (e.g., because the settings do not allow a feedback message), then processing for this operational scenario terminates at end block 320. However, if the user is to be notified as determined by decision block 316, then an indication is provided at step 318 to the user that the data transfer is being prevented. Processing for this operational scenario terminates at end block 320.
It should be understood that similar to the other processing flows described herein, the steps and the order of the steps in the flowchart described herein may be altered, modified and/or augmented and still achieve the desired outcome.
FIG. 8 illustrates a data transfer prevention feature mentioned above wherein data transfer 410 between services (400, 420) is prevented. Exemplary services comprise a company email service, a user's personal e-mail service, and an instant messaging service. This data transfer prevention feature allows the company to disable improper forwarding/replying between services. For example, if a user receives an email message via a first service 400, the user is unable to forward it to another email account via a second service 420 (such as a personal e-mail account of the user). Optionally, messages 440 that arrive via a source e-mail server 430 must be replied to or forwarded back through the same source e-mail server 430 from which the message 440 arrived.
FIG. 9 illustrates a data transfer prevention feature mentioned above wherein cut/copy/paste operations 510 are disabled for all or designated applications on the handheld mobile device 100. As an illustration, even if the forwarding between applications or services is disabled, a determined user may copy messages from one application 500, compose a new message in a different application 520 and send it through the different application 520. Disabling cut/copy/paste operations makes this much more difficult for the user to siphon data because they would be forced to retype the entire message or data.
FIG. 10 illustrates a data transfer prevention feature mentioned above wherein Inter-Process Communication (IPC) 710 can be disabled between applications (700, 720) that operate on a mobile device 100. As is known to one skilled in the art, an application may initiate one or more processes in order to accomplish certain tasks on the handheld mobile device 100. This data transfer prevention feature would prevent two malicious applications (700, 720) working together to siphon data. As an example, one application 700 could open up a connection inside the firewall, and another application 720 could open a connection outside the firewall. Then using IPC 710, they could transfer data between the two applications (700, 720) and effectively siphon data. Disabling IPC between the applications (700, 720) prevents this type of attack from occurring.
The data transfer prevention provided by a data transfer checker 202 would inadvertently prohibit IPC between an e-mail program and an address book that are operating on the mobile device 100. Thus, a company can additionally choose which applications are allowed to use IPC, as some applications, such as the e-mail program and the address book, may have a valid use for it.
The systems and methods disclosed herein are presented only by way of example and are not meant to limit the scope of the invention. Other variations of the systems and methods described above will be apparent to those skilled in the art and as such are considered to be within the scope of the invention. For example, a system and method can be configured to include the following. A data transfer checker operating on a mobile device determines whether an attempted data transfer between two locations is permitted. If it is not permitted, then the data transfer is prevented and the user may be notified of the data transfer prevention.
As another example of a system and method, a system and method can receive a data transfer request to transfer data from a first location to a second location, wherein the first location is more secure than the second location. Data transfer settings are retrieved from a data store responsive to receiving the data transfer request. The data transfer settings indicate whether a data transfer is to occur based upon a security-related aspect associated with the data transfer. The data transfer settings are used to determine whether to transfer the data from the first location to the second location based upon the data transfer settings. The data is transferred responsive to the determining step.
A system and method may be configured to consider one or more different data transfer security-related aspects, such as level of security associated with the destination of the data transfer. As other examples, a security related aspect can include the type of communication operation to be performed between the first location and the second location such as the type of communication to occur. The type of data transfer operation could include data forwarding between service books, opening an internal and an external connection, an Inter-Process Communication (IPC) between applications, and/or a cut-copy-paste type operation between applications.
As another example, the systems and methods disclosed herein may be used with many different computers and devices, such as a wireless mobile communications device shown in FIG. 11. With reference to FIG. 11, the mobile device 100 is a dual-mode mobile device and includes a transceiver 811, a microprocessor 838, a display 822, non-volatile memory 824, random access memory (RAM) 826, one or more auxiliary input/output (I/O) devices 828, a serial port 830, a keyboard 832, a speaker 834, a microphone 836, a short-range wireless communications sub-system 840, and other device sub-systems 842.
The transceiver 811 includes a receiver 812, a transmitter 814, antennas 816 and 818, one or more local oscillators 813, and a digital signal processor (DSP) 820. The antennas 816 and 818 may be antenna elements of a multiple-element antenna, and are preferably embedded antennas. However, the systems and methods described herein are in no way restricted to a particular type of antenna, or even to wireless communication devices.
The mobile device 100 is preferably a two-way communication device having voice and data communication capabilities. Thus, for example, the mobile device 100 may communicate over a voice network, such as any of the analog or digital cellular networks, and may also communicate over a data network. The voice and data networks are depicted in FIG. 11 by the communication tower 819. These voice and data networks may be separate communication networks using separate infrastructure, such as base stations, network controllers, etc., or they may be integrated into a single wireless network.
The transceiver 811 is used to communicate with the network 819, and includes the receiver 812, the transmitter 814, the one or more local oscillators 813 and the DSP 820. The DSP 820 is used to send and receive signals to and from the transceivers 816 and 818, and also provides control information to the receiver 812 and the transmitter 814. If the voice and data communications occur at a single frequency, or closely-spaced sets of frequencies, then a single local oscillator 813 may be used in conjunction with the receiver 812 and the transmitter 814. Alternatively, if different frequencies are utilized for voice communications versus data communications for example, then a plurality of local oscillators 813 can be used to generate a plurality of frequencies corresponding to the voice and data networks 819. Information, which includes both voice and data information, is communicated to and from the transceiver 811 via a link between the DSP 820 and the microprocessor 838.
The detailed design of the transceiver 811, such as frequency band, component selection, power level, etc., will be dependent upon the communication network 819 in which the mobile device 100 is intended to operate. For example, a mobile device 100 intended to operate in a North American market may include a transceiver 811 designed to operate with any of a variety of voice communication networks, such as the Mobitex or DataTAC mobile data communication networks, AMPS, TDMA, CDMA, PCS, etc., whereas a mobile device 100 intended for use in Europe may be configured to operate with the GPRS data communication network and the GSM voice communication network. Other types of data and voice networks, both separate and integrated, may also be utilized with a mobile device 100.
Depending upon the type of network or networks 819, the access requirements for the mobile device 100 may also vary. For example, in the Mobitex and DataTAC data networks, mobile devices are registered on the network using a unique identification number associated with each mobile device. In GPRS data networks, however, network access is associated with a subscriber or user of a mobile device. A GPRS device typically requires a subscriber identity module (“SIM”), which is required in order to operate a mobile device on a GPRS network. Local or non-network communication functions (if any) may be operable, without the SIM device, but a mobile device will be unable to carry out any functions involving communications over the data network 819, other than any legally required operations, such as ‘911’ emergency calling.
After any required network registration or activation procedures have been completed, the mobile device 100 may the send and receive communication signals, including both voice and data signals, over the networks 819. Signals received by the antenna 816 from the communication network 819 are routed to the receiver 812, which provides for signal amplification, frequency down conversion, filtering, channel selection, etc., and may also provide analog to digital conversion. Analog to digital conversion of the received signal allows more complex communication functions, such as digital demodulation and decoding to be performed using the DSP 820. In a similar manner, signals to be transmitted to the network 819 are processed, including modulation and encoding, for example, by the DSP 820 and are then provided to the transmitter 814 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission to the communication network 819 via the antenna 818.
In addition to processing the communication signals, the DSP 820 also provides for transceiver control. For example, the gain levels applied to communication signals in the receiver 812 and the transmitter 814 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 820. Other transceiver control algorithms could also be implemented in the DSP 820 in order to provide more sophisticated control of the transceiver 811.
The microprocessor 838 preferably manages and controls the overall operation of the mobile device 100. Many types of microprocessors or microcontrollers could be used here, or, alternatively, a single DSP 820 could be used to carry out the functions of the microprocessor 838. Low-level communication functions, including at least data and voice communications, are performed through the DSP 820 in the transceiver 811. Other, high-level communication applications, such as a voice communication application 824A, and a data communication application 824B may be stored in the non-volatile memory 824 for execution by the microprocessor 838. For example, the voice communication module 824A may provide a high-level user interface operable to transmit and receive voice calls between the mobile device 100 and a plurality of other voice or dual-mode devices via the network 819. Similarly, the data communication module 824B may provide a high-level user interface operable for sending and receiving data, such as e-mail messages, files, organizer information, short text messages, etc., between the mobile device 100 and a plurality of other data devices via the networks 819.
The microprocessor 838 also interacts with other device subsystems, such as the display 822, the RAM 826, the auxiliary input/output (I/O) subsystems 828, the serial port 830, the keyboard 832, the speaker 834, the microphone 836, the short-range communications subsystem 840 and any other device subsystems generally designated as 842.
Some of the subsystems shown in FIG. 11 perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions. Notably, some subsystems, such as the keyboard 832 and the display 822 may be used for both communication-related functions, such as entering a text message for transmission over a data communication network, and device-resident functions such as a calculator or task list or other PDA type functions.
Operating system software used by the microprocessor 838 is preferably stored in a persistent store such as non-volatile memory 824. The non-volatile memory 824 may be implemented, for example, as a Flash memory component, or as battery backed-up RAM. In addition to the operating system, which controls low-level functions of the mobile device 810, the non-volatile memory 824 includes a plurality of software modules 824A-824N that can be executed by the microprocessor 838 (and/or the DSP 820), including a voice communication module 824A, a data communication module 824B, and a plurality of other operational modules 824N for carrying out a plurality of other functions. These modules are executed by the microprocessor 838 and provide a high-level interface between a user and the mobile device 100. This interface typically includes a graphical component provided through the display 822, and an input/output component provided through the auxiliary I/O 828, keyboard 832, speaker 834, and microphone 836. The operating system, specific device applications or modules, or parts thereof, may be temporarily loaded into a volatile store, such as RAM 826 for faster operation. Moreover, received communication signals may also be temporarily stored to RAM 826, before permanently writing them to a file system located in a persistent store such as the Flash memory 824.
An exemplary application module 824N that may be loaded onto the mobile device 100 is a personal information manager (PIM) application providing PDA functionality, such as calendar events, appointments, and task items. This module 824N may also interact with the voice communication module 824A for managing phone calls, voice mails, etc., and may also interact with the data communication module for managing e-mail communications and other data transmissions. Alternatively, all of the functionality of the voice communication module 824A and the data communication module 824B may be integrated into the PIM module.
The non-volatile memory 824 preferably also provides a file system to facilitate storage of PIM data items on the device. The PIM application preferably includes the ability to send and receive data items, either by itself, or in conjunction with the voice and data communication modules 824A, 824B, via the wireless networks 819. The PIM data items are preferably seamlessly integrated, synchronized and updated, via the wireless networks 819, with a corresponding set of data items stored or associated with a host computer system, thereby creating a mirrored system for data items associated with a particular user.
Context objects representing at least partially decoded data items, as well as fully decoded data items, are preferably stored on the mobile device 100 in a volatile and non-persistent store such as the RAM 826. Such information may instead be stored in the non-volatile memory 824, for example, when storage intervals are relatively short, such that the information is removed from memory soon after it is stored. However, storage of this information in the RAM 826 or another volatile and non-persistent store is preferred, in order to ensure that the information is erased from memory when the mobile device 100 loses power. This prevents an unauthorized party from obtaining any stored decoded or partially decoded information by removing a memory chip from the mobile device 100, for example.
The mobile device 100 may be manually synchronized with a host system by placing the device 100 in an interface cradle, which couples the serial port 830 of the mobile device 100 to the serial port of a computer system or device. The serial port 830 may also be used to enable a user to set preferences through an external device or software application, or to download other application modules 824N for installation. This wired download path may be used to load an encryption key onto the device, which is a more secure method than exchanging encryption information via the wireless network 819. Interfaces for other wired download paths may be provided in the mobile device 100, in addition to or instead of the serial port 830. For example, a USB port would provide an interface to a similarly equipped personal computer.
Additional application modules 824N may be loaded onto the mobile device 100 through the networks 819, through an auxiliary I/O subsystem 828, through the serial port 830, through the short-range communications subsystem 840, or through any other suitable subsystem 842, and installed by a user in the non-volatile memory 824 or RAM 826. Such flexibility in application installation increases the functionality of the mobile device 100 and may provide enhanced on-device functions, communication-related functions, or both. For example, secure communication applications may enable electronic commerce functions and other such financial transactions to be performed using the mobile device 100.
When the mobile device 100 is operating in a data communication mode, a received signal, such as a text message or a web page download, is processed by the transceiver module 811 and provided to the microprocessor 838, which preferably further processes the received signal in multiple stages as described above, for eventual output to the display 822, or, alternatively, to an auxiliary I/O device 828. A user of mobile device 100 may also compose data items, such as e-mail messages, using the keyboard 832, which is preferably a complete alphanumeric keyboard laid out in the QWERTY style, although other styles of complete alphanumeric keyboards such as the known DVORAK style may also be used. User input to the mobile device 100 is further enhanced with a plurality of auxiliary I/O devices 828, which may include a thumbwheel input device, a touchpad, a variety of switches, a rocker input switch, etc. The composed data items input by the user may then be transmitted over the communication networks 819 via the transceiver module 811.
When the mobile device 100 is operating in a voice communication mode, the overall operation of the mobile device is substantially similar to the data mode, except that received signals are preferably be output to the speaker 834 and voice signals for transmission are generated by a microphone 836. Alternative voice or audio I/O subsystems, such as a voice message recording subsystem, may also be implemented on the mobile device 100. Although voice or audio signal output is preferably accomplished primarily through the speaker 834, the display 822 may also be used to provide an indication of the identity of a calling party, the duration of a voice call, or other voice call related information. For example, the microprocessor 838, in conjunction with the voice communication module and the operating system software, may detect the caller identification information of an incoming voice call and display it on the display 822.
A short-range communications subsystem 840 is also included in the mobile device 100. The subsystem 840 may include an infrared device and associated circuits and components, or a short-range RF communication module such as a Bluetooth™ module or an 802.11 module, for example, to provide for communication with similarly-enabled systems and devices. Those skilled in the art will appreciate that “Bluetooth” and “802.11” refer to sets of specifications, available from the Institute of Electrical and Electronics Engineers, relating to wireless personal area networks and wireless local area networks, respectively.
The systems' and methods' data may be stored in one or more data stores. The data stores can be of many different types of storage devices and programming constructs, such as RAM, ROM, Flash memory, programming data structures, programming variables, etc. It is noted that data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.
The systems and methods may be provided on many different types of computer-readable media including computer storage mechanisms (e.g., CD-ROM, diskette, RAM, flash memory, computer's hard drive, etc.) that contain instructions for use in execution by a processor to perform the methods' operations and implement the systems described herein.
The computer components, software modules, functions and data structures described herein may be connected directly or indirectly to each other in order to allow the flow of data needed for their operations. It is also noted that a module or processor includes but is not limited to a unit of code that performs a software operation, and can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code. The software components and/or functionality may be located on a single computing device or distributed across multiple computing devices depending upon the situation at hand.

Claims (43)

What is claimed is:
1. A method of handling data transfers on a device, comprising:
receiving, from an application that accesses data associated with a first location, a request to open a connection with a second location;
retrieving, from a data store on the device, one or more data transfer settings responsive to receiving the request;
wherein the one or more data transfer settings are indicative of a security-related policy for data transfers, the security-related policy being associated with the first location; and
determining whether to permit the request or not permit the request based upon the one or more data transfer settings.
2. The method of claim 1, wherein the first location comprises a server, wherein the second location comprises a server, and wherein the request is to open the connection via a network.
3. The method of claim 1, wherein the application is a first application, wherein the second location comprises a second application, wherein the request is to open the connection for Inter-Process Communication (IPC) from the first application to the second application.
4. The method of claim 1, wherein the determining comprises using a level of security associated with the first location, and using a level of security associated with the second location.
5. The method of claim 1, wherein receiving the request comprises receiving a request to transfer data from the application running on the device to another application on the device.
6. The method of claim 1, wherein receiving the request comprises receiving a request to transfer data from the device to another device.
7. The method of claim 1, further comprising:
receiving the one or more data transfer settings from a server via a wireless network.
8. A device, comprising:
a data store that stores a data transfer setting, wherein the data transfer setting is indicative of a security-related policy for data transfers, the security-related policy being associated with a first location; and
a processor configured to perform operations comprising:
receiving, from an application that accesses data associated with the first location, a request to open a connection with a second location;
retrieving, from the data store, the data transfer setting responsive to receiving the request; and
determining whether to permit the request or not permit the request based upon the data transfer setting.
9. The device of claim 8, wherein the first location comprises a server, wherein the second location comprises a server, and wherein the request is to open the connection via a network.
10. The device of claim 8, wherein the application is a first application, wherein the second location comprises a second application, wherein the request is to open the connection for Inter-Process Communication (IPC) from the first application to the second application.
11. The device of claim 8, wherein the determining comprises using a level of security associated with the first location, and using a level of security associated with the second location.
12. The device of claim 8, wherein receiving the request comprises receiving a request to transfer data from the application running on the device to another application on the device.
13. The device of claim 8, wherein receiving the request comprises receiving a request to transfer data from the device to another device.
14. The device of claim 8, the operations further comprising:
receiving the data transfer setting from a server via a wireless network; and
storing the data transfer setting in the data store.
15. A computer storage device encoded with a computer program, the program comprising instructions that when executed by a communication device cause the communication device to perform operations comprising:
receiving, from an application that accesses data associated with a first location, a request to open a connection with a second location;
retrieving, in response to receiving the request, one or more data transfer settings, which are indicative of a security-related policy for data transfers, the security-related policy being associated with the first location; and
determining whether to permit the request or not permit the request based upon the one or more data transfer settings.
16. The computer storage device of claim 15, wherein the first location comprises a server, wherein the second location comprises a server, and wherein the request is to open the connection via a network.
17. The computer storage device of claim 15, wherein the application is a first application, wherein the second location comprises a second application, wherein the request is to open the connection for Inter-Process Communication (IPC) from the first application to the second application.
18. The computer storage device of claim 15, wherein the determining comprises using a level of security associated with the first location, and using a level of security associated with the second location.
19. The computer storage device of claim 15, wherein receiving the request comprises receiving a request to transfer data from the application running on the communication device to another application on the communication device.
20. The computer storage device of claim 15, wherein receiving the request comprises receiving a request to transfer data from the communication device to another communication device.
21. The computer storage device of claim 15, the operations further comprising:
receiving the one or more data transfer settings from a server via a wireless network.
22. A method of handling data transfers on a device, comprising:
receiving, from an application that accesses data associated with a first location, a request to open a connection with a second location, wherein the request includes at least one of copying, cutting, or pasting data;
retrieving, from a data store on the device, one or more data transfer settings responsive to receiving the request;
wherein the one or more data transfer settings are indicative of a security-related policy for data transfers, the security-related policy being associated with the first location; and
determining whether to permit the request or not permit the request based upon the one or more data transfer settings.
23. A method of handling data transfers on a device, comprising:
receiving a request associated with transferring data between a first application and a second application, the first application accessing data associated with a first network and the second application accessing data associated with a second network;
retrieving, from memory of the device, one or more data transfer settings in response to the request, the one or more data transfer settings indicative of a security-related policy for data transfers, the security-related policy associated with the first network; and
determining whether to execute the request based on the one or more data transfer settings.
24. The method of claim 23, wherein the request includes a request to cut data or copy data from the first application.
25. The method of claim 23, wherein the first network has a first security level higher than a second security level of the second network.
26. The method of claim 23, further comprising:
determining that the request includes a request to transfer data from the first application to the second application;
determining a transfer from the first application to the second application violates the security-related policy; and
prohibiting the data transfer in response to the violation.
27. The method of claim 26, wherein the data transfer includes pasting data cut or copied from the first application to the second application or communicating using Inter-Process Communication (IPC) between the first application and the second application.
28. The method of claim 26, wherein prohibiting the data transfer comprises preventing the first application from establishing a connection with the first network while the second application is connected with the second network or preventing transfer of the data between a first service book associated with the first application and a second service book associated with the second application.
29. The method of claim 23, wherein determining whether to execute the request is further based on a level of security associated with the first application and a level of security associated with the second application.
30. A device, comprising:
a data store that stores one or more data transfer settings indicative of a security-related policy for data transfers, the security-related policy associated with the first network; and
a processor configured to:
receive a request associated with transferring data between a first application and a second application, the first application accessing data associated with a first network and the second application accessing data associated with a second network;
retrieve, from the data store, the one or more data transfer settings in response to the request; and
determine whether to execute the request based on the one or more data transfer settings.
31. The device of claim 30, wherein the request includes a request to cut data or copy data from the first application.
32. The device of claim 30, wherein the first network has a first security level higher than a second security level of the second network.
33. The device of claim 30, the device further configured to:
determine that the request includes a request to transfer data from the first application to the second application;
determine a transfer from the first application to the second application violates the security-related policy; and
prohibit the data transfer in response to the violation.
34. The device of claim 33, wherein the data transfer includes pasting data cut or copied from the first application to the second application or communicating using Inter-Process Communication (IPC) between the first application and the second application.
35. The device of claim 33, wherein prohibiting the data transfer comprises preventing the first application from establishing a connection with the first network while the second application is connected with the second network or preventing transfer of the data between a first service book associated with the first application and a second service book associated with the second application.
36. The device of claim 30, wherein determining whether to execute the request is further based on a level of security associated with the first application and a level of security associated with the second application.
37. A computer program product encoded on a tangible, non-transitory storage medium, the product comprising computer readable instructions for causing one or more processors to perform operations comprising:
receiving a request associated with transferring data between a first application and a second application, the first application accessing data associated with a first network and the second application accessing data associated with a second network;
retrieving, from memory of the device, one or more data transfer settings in response to the request, wherein the one or more data transfer settings are indicative of a security-related policy for data transfers, the security-related policy associated with the first network; and
determining whether to execute the request based on the one or more data transfer settings.
38. The computer program product of claim 37, wherein the request includes a request to cut data or copy data from the first application.
39. The computer program product of claim 37, wherein the first network has a first security level higher than a second security level of the second network.
40. The computer program product of claim 37, the operations further comprising:
determining that the request includes a request to transfer data from the first application to the second application;
determining a transfer from the first application to the second application violates the security-related policy; and
prohibiting the data transfer in response to the violation.
41. The computer program product of claim 40, wherein the data transfer includes pasting data cut or copied from the first application to the second application or communicating using Inter-Process Communication (IPC) between the first application and the second application.
42. The computer program product of claim 40, wherein prohibiting the data transfer comprises preventing the first application from establishing a connection with the first network while the second application is connected with the second network or preventing transfer of the data between a first service book associated with the first application and a second service book associated with the second application.
43. The computer program product of claim 37, wherein determining whether to execute the request is further based on a level of security associated with the first application and a level of security associated with the second application.
US13/490,956 2004-04-30 2012-06-07 System and method for handling data transfers Active USRE44746E1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US13/490,956 USRE44746E1 (en) 2004-04-30 2012-06-07 System and method for handling data transfers
US14/163,416 USRE46083E1 (en) 2004-04-30 2014-01-24 System and method for handling data transfers
US15/177,759 USRE48679E1 (en) 2004-04-30 2016-06-09 System and method for handling data transfers
US17/376,006 USRE49721E1 (en) 2004-04-30 2021-07-14 System and method for handling data transfers

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US56729304P 2004-04-30 2004-04-30
US11/118,791 US7734284B2 (en) 2004-04-30 2005-04-29 System and method for handling data transfers
US12/795,252 US8005469B2 (en) 2004-04-30 2010-06-07 System and method for handling data transfers
US13/490,956 USRE44746E1 (en) 2004-04-30 2012-06-07 System and method for handling data transfers

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/795,252 Reissue US8005469B2 (en) 2004-04-30 2010-06-07 System and method for handling data transfers

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US12/795,252 Continuation US8005469B2 (en) 2004-04-30 2010-06-07 System and method for handling data transfers
US14/163,416 Continuation USRE46083E1 (en) 2004-04-30 2014-01-24 System and method for handling data transfers

Publications (1)

Publication Number Publication Date
USRE44746E1 true USRE44746E1 (en) 2014-02-04

Family

ID=35242007

Family Applications (6)

Application Number Title Priority Date Filing Date
US11/118,791 Active 2026-09-20 US7734284B2 (en) 2004-04-30 2005-04-29 System and method for handling data transfers
US12/795,252 Ceased US8005469B2 (en) 2004-04-30 2010-06-07 System and method for handling data transfers
US13/490,956 Active USRE44746E1 (en) 2004-04-30 2012-06-07 System and method for handling data transfers
US14/163,416 Active USRE46083E1 (en) 2004-04-30 2014-01-24 System and method for handling data transfers
US15/177,759 Active USRE48679E1 (en) 2004-04-30 2016-06-09 System and method for handling data transfers
US17/376,006 Active USRE49721E1 (en) 2004-04-30 2021-07-14 System and method for handling data transfers

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US11/118,791 Active 2026-09-20 US7734284B2 (en) 2004-04-30 2005-04-29 System and method for handling data transfers
US12/795,252 Ceased US8005469B2 (en) 2004-04-30 2010-06-07 System and method for handling data transfers

Family Applications After (3)

Application Number Title Priority Date Filing Date
US14/163,416 Active USRE46083E1 (en) 2004-04-30 2014-01-24 System and method for handling data transfers
US15/177,759 Active USRE48679E1 (en) 2004-04-30 2016-06-09 System and method for handling data transfers
US17/376,006 Active USRE49721E1 (en) 2004-04-30 2021-07-14 System and method for handling data transfers

Country Status (12)

Country Link
US (6) US7734284B2 (en)
EP (1) EP1741225B1 (en)
JP (1) JP4465387B2 (en)
KR (1) KR100926804B1 (en)
CN (2) CN1951060B (en)
AT (1) ATE500698T1 (en)
AU (2) AU2005239005A1 (en)
BR (1) BRPI0510378B1 (en)
CA (1) CA2564914C (en)
DE (1) DE602005026643D1 (en)
HK (2) HK1099864A1 (en)
WO (1) WO2005107144A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150087288A1 (en) * 2013-09-24 2015-03-26 Motorola Mobility Llc System and method for transferring software applications and data between two mobile devices with different operating systems
US11323447B2 (en) * 2019-07-09 2022-05-03 Hexagon Technology Center Gmbh Digital data access control and automated synthesization of capabilities

Families Citing this family (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7836147B2 (en) * 2001-02-27 2010-11-16 Verizon Data Services Llc Method and apparatus for address book contact sharing
EP1540446A2 (en) 2002-08-27 2005-06-15 TD Security, Inc., dba Trust Digital, LLC Enterprise-wide security system for computer devices
US20080261633A1 (en) * 2002-10-22 2008-10-23 Research In Motion Limited System and Method for Pushing Information from a Host System to a Mobile Data Communication Device
WO2005064498A1 (en) 2003-12-23 2005-07-14 Trust Digital, Llc System and method for enforcing a security policy on mobile devices using dynamically generated security profiles
US7400878B2 (en) 2004-02-26 2008-07-15 Research In Motion Limited Computing device with environment aware features
AU2005239005A1 (en) 2004-04-30 2005-11-10 Research In Motion Limited System and method for handling data transfers
US8495700B2 (en) 2005-02-28 2013-07-23 Mcafee, Inc. Mobile data security system and methods
US8572676B2 (en) 2008-11-06 2013-10-29 Mcafee, Inc. System, method, and device for mediating connections between policy source servers, corporate repositories, and mobile devices
US7614082B2 (en) 2005-06-29 2009-11-03 Research In Motion Limited System and method for privilege management and revocation
US8626128B2 (en) 2011-04-07 2014-01-07 Microsoft Corporation Enforcing device settings for mobile devices
WO2007029116A2 (en) * 2005-07-01 2007-03-15 0733660 B.C. Ltd. Dba E-Mail2, Inc. Electronic mail messaging system
US8259568B2 (en) * 2006-10-23 2012-09-04 Mcafee, Inc. System and method for controlling mobile device access to a network
KR100865943B1 (en) * 2008-05-15 2008-10-30 주식회사 스마트카드연구소 System and method for security of transmission and receipt using nfc
US20110202416A1 (en) * 2010-02-12 2011-08-18 Mark Buer Method and system for authorizing transactions based on device location
US8935384B2 (en) 2010-05-06 2015-01-13 Mcafee Inc. Distributed data revocation using data commands
WO2012037658A1 (en) 2010-09-24 2012-03-29 Research In Motion Limited Method and apparatus for differentiated access control
CN103229182B (en) 2010-09-24 2016-05-25 黑莓有限公司 Be used for the method and apparatus of the access control of differentiation
US20120131116A1 (en) * 2010-11-15 2012-05-24 Van Quy Tu Controlling data transfer on mobile devices
US8560722B2 (en) 2011-03-18 2013-10-15 International Business Machines Corporation System and method to govern sensitive data exchange with mobile devices based on threshold sensitivity values
US9215225B2 (en) 2013-03-29 2015-12-15 Citrix Systems, Inc. Mobile device locking with context
US20140032733A1 (en) 2011-10-11 2014-01-30 Citrix Systems, Inc. Policy-Based Application Management
US20140053234A1 (en) 2011-10-11 2014-02-20 Citrix Systems, Inc. Policy-Based Application Management
US8881229B2 (en) 2011-10-11 2014-11-04 Citrix Systems, Inc. Policy-based application management
US9280377B2 (en) 2013-03-29 2016-03-08 Citrix Systems, Inc. Application with multiple operation modes
US9143529B2 (en) 2011-10-11 2015-09-22 Citrix Systems, Inc. Modifying pre-existing mobile applications to implement enterprise security policies
US9497220B2 (en) 2011-10-17 2016-11-15 Blackberry Limited Dynamically generating perimeters
US9161226B2 (en) 2011-10-17 2015-10-13 Blackberry Limited Associating services to perimeters
US9613219B2 (en) 2011-11-10 2017-04-04 Blackberry Limited Managing cross perimeter access
US8799227B2 (en) 2011-11-11 2014-08-05 Blackberry Limited Presenting metadata from multiple perimeters
US9262604B2 (en) 2012-02-01 2016-02-16 Blackberry Limited Method and system for locking an electronic device
US9698975B2 (en) 2012-02-15 2017-07-04 Blackberry Limited Key management on device for perimeters
US9077622B2 (en) 2012-02-16 2015-07-07 Blackberry Limited Method and apparatus for automatic VPN login on interface selection
EP2629478B1 (en) 2012-02-16 2018-05-16 BlackBerry Limited Method and apparatus for separation of connection data by perimeter type
US8931045B2 (en) 2012-02-16 2015-01-06 Blackberry Limited Method and apparatus for management of multiple grouped resources on device
US9594921B2 (en) * 2012-03-02 2017-03-14 International Business Machines Corporation System and method to provide server control for access to mobile client data
US9369466B2 (en) 2012-06-21 2016-06-14 Blackberry Limited Managing use of network resources
US8972762B2 (en) 2012-07-11 2015-03-03 Blackberry Limited Computing devices and methods for resetting inactivity timers on computing devices
US8726343B1 (en) 2012-10-12 2014-05-13 Citrix Systems, Inc. Managing dynamic policies and settings in an orchestration framework for connected devices
US9516022B2 (en) 2012-10-14 2016-12-06 Getgo, Inc. Automated meeting room
US20140109171A1 (en) 2012-10-15 2014-04-17 Citrix Systems, Inc. Providing Virtualized Private Network tunnels
US20140109176A1 (en) 2012-10-15 2014-04-17 Citrix Systems, Inc. Configuring and providing profiles that manage execution of mobile applications
US8910239B2 (en) 2012-10-15 2014-12-09 Citrix Systems, Inc. Providing virtualized private network tunnels
CN104854561B (en) 2012-10-16 2018-05-11 思杰系统有限公司 Application program for application management framework encapsulates
US20140108793A1 (en) 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data
US9971585B2 (en) 2012-10-16 2018-05-15 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US9606774B2 (en) 2012-10-16 2017-03-28 Citrix Systems, Inc. Wrapping an application with field-programmable business logic
US9075955B2 (en) 2012-10-24 2015-07-07 Blackberry Limited Managing permission settings applied to applications
US8656016B1 (en) 2012-10-24 2014-02-18 Blackberry Limited Managing application execution and data access on a device
US9369449B2 (en) 2013-03-29 2016-06-14 Citrix Systems, Inc. Providing an enterprise application store
US9355223B2 (en) 2013-03-29 2016-05-31 Citrix Systems, Inc. Providing a managed browser
US10284627B2 (en) 2013-03-29 2019-05-07 Citrix Systems, Inc. Data management for an application with multiple operation modes
US20140297840A1 (en) 2013-03-29 2014-10-02 Citrix Systems, Inc. Providing mobile device management functionalities
US8849979B1 (en) 2013-03-29 2014-09-30 Citrix Systems, Inc. Providing mobile device management functionalities
US9985850B2 (en) 2013-03-29 2018-05-29 Citrix Systems, Inc. Providing mobile device management functionalities
EP2919431B1 (en) * 2014-03-12 2017-11-08 Accenture Global Services Limited Secure distribution of electronic content taking into account receiver's location
WO2020030270A1 (en) * 2018-08-08 2020-02-13 Huawei Technologies Co., Ltd. Apparatus and method for secure interprocess messaging
WO2020150978A1 (en) * 2019-01-24 2020-07-30 Citrix Systems, Inc. Optimized network selection
CN110309004A (en) * 2019-06-25 2019-10-08 维沃移动通信有限公司 The processing method and terminal of data
EP4141668A1 (en) * 2019-07-09 2023-03-01 Hexagon Technology Center GmbH System for controlling access to digital data and algorithms

Citations (198)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4815128A (en) 1986-07-03 1989-03-21 Motorola, Inc. Gateway system and method for interconnecting telephone calls with a digital voice protected radio network
US4837812A (en) 1985-12-21 1989-06-06 Ricoh Company, Ltd. Dual connection mode equipped communication control apparatus
US4945556A (en) 1985-07-09 1990-07-31 Alpine Electronics Inc. Method of locking function of mobile telephone system
US4972457A (en) 1989-01-19 1990-11-20 Spectrum Information Technologies, Inc. Portable hybrid communication system and methods
US4991197A (en) 1988-09-01 1991-02-05 Intelligence Technology Corporation Method and apparatus for controlling transmission of voice and data signals
US5220604A (en) 1990-09-28 1993-06-15 Digital Equipment Corporation Method for performing group exclusion in hierarchical group structures
EP0605106A1 (en) 1992-12-03 1994-07-06 Data Security, Inc. Computer security metapolicy system
US5408520A (en) 1992-11-09 1995-04-18 Compaq Computer Corporation Modem for tight coupling between a computer and a cellular telephone
WO1996025828A1 (en) 1995-02-15 1996-08-22 Nokia Mobile Phones Ltd. A method for using applications in a mobile station, a mobile station, and a system for effecting payments
US5606594A (en) 1994-01-27 1997-02-25 Dell Usa, L.P. Communication accessory and method of telecommunicating for a PDA
US5774551A (en) 1995-08-07 1998-06-30 Sun Microsystems, Inc. Pluggable account management interface with unified login and logout and multiple user authentication services
US5802483A (en) 1989-10-31 1998-09-01 Morris; Walker C. Method and apparatus for transmission of data and voice
US5826265A (en) 1996-12-06 1998-10-20 International Business Machines Corporation Data management system having shared libraries
US5850515A (en) 1995-03-17 1998-12-15 Advanced Micro Devices, Inc. Intrusion control in repeater based networks
US5864765A (en) 1996-03-01 1999-01-26 Telefonaktiebolaget Lm Ericsson Method and arrangement relating to mobile telephone terminals
WO1999005814A2 (en) 1997-07-24 1999-02-04 Worldtalk Corporation E-mail firewall with stored key encryption/decryption
US5987611A (en) 1996-12-31 1999-11-16 Zone Labs, Inc. System and methodology for managing internet access on a per application basis for client computers connected to the internet
US5987440A (en) 1996-07-22 1999-11-16 Cyva Research Corporation Personal information security and exchange tool
US6052735A (en) 1997-10-24 2000-04-18 Microsoft Corporation Electronic mail object synchronization between a desktop computer and mobile device
EP0973350A3 (en) 1998-07-17 2000-04-19 Phone.Com Inc. Method and apparatus for providing access control to local services of mobile devices
US6088693A (en) 1996-12-06 2000-07-11 International Business Machines Corporation Data management system for file and database management
US6105132A (en) 1997-02-20 2000-08-15 Novell, Inc. Computer network graded authentication system and method
JP2000253241A (en) 1999-02-26 2000-09-14 Matsushita Electric Ind Co Ltd Data monitoring method and device therefor
WO2000059225A1 (en) 1999-03-26 2000-10-05 Motorola Inc. Secure wireless electronic-commerce system with wireless network domain
US6131136A (en) 1997-12-12 2000-10-10 Gateway 2000, Inc. Dual mode modem for automatically selecting between wireless and wire-based communication modes
WO2000060434A1 (en) 1999-04-06 2000-10-12 Microsoft Corporation Method and system for controlling execution of computer programs
JP2001077811A (en) 1999-09-01 2001-03-23 Akuton Technology Kk Network interface card
US6219694B1 (en) * 1998-05-29 2001-04-17 Research In Motion Limited System and method for pushing information from a host system to a mobile data communication device having a shared electronic address
US6233446B1 (en) 1997-04-08 2001-05-15 Telefonaktiebolaget Lm Ericsson Arrangement for improving security in a communication system supporting user mobility
US6243756B1 (en) 1997-06-23 2001-06-05 Compaq Computer Corporation Network device with unified management
US6253326B1 (en) 1998-05-29 2001-06-26 Palm, Inc. Method and system for secure communications
JP2001203761A (en) 2000-01-20 2001-07-27 Dainippon Printing Co Ltd Repeater and network system provided with the same
US6285889B1 (en) 1996-08-08 2001-09-04 Nokia Mobile Phones Limited Information output system, method for outputting information and terminal devices for outputting information via mobile communication network
US6292798B1 (en) 1998-09-09 2001-09-18 International Business Machines Corporation Method and system for controlling access to data resources and protecting computing system resources from unauthorized access
US20010047485A1 (en) 2000-03-06 2001-11-29 Daniel Brown Computer security system
US20010056549A1 (en) 2000-06-08 2001-12-27 Alcatel Method of providing access control for and/or vis-a-vis users accessing the internet from terminals via a private access node, and arrangements for putting this kind of method into practice
US6343313B1 (en) 1996-03-26 2002-01-29 Pixion, Inc. Computer conferencing system with real-time multipoint, multi-speed, multi-stream scalability
US20020013815A1 (en) 2000-07-28 2002-01-31 Obradovich Michael L. Technique for effective organization and communication of information
US20020019944A1 (en) 2000-08-14 2002-02-14 International Business Machines Corporation Method and system for granting acces to information for electronic commerce
US6351816B1 (en) 1996-05-30 2002-02-26 Sun Microsystems, Inc. System and method for securing a program's execution in a network environment
US20020031230A1 (en) 2000-08-15 2002-03-14 Sweet William B. Method and apparatus for a web-based application service model for security management
US6360322B1 (en) 1998-09-28 2002-03-19 Symantec Corporation Automatic recovery of forgotten passwords
US6405202B1 (en) 1998-04-27 2002-06-11 Trident Systems, Inc. System and method for adding property level security to an object oriented database
US6412070B1 (en) 1998-09-21 2002-06-25 Microsoft Corporation Extensible security system and method for controlling access to objects in a computing environment
US20020087880A1 (en) * 2000-12-29 2002-07-04 Storage Technology Corporation Secure gateway multiple automated data storage system sharing
US20020095414A1 (en) 2000-10-19 2002-07-18 General Electric Company Delegated administration of information in a database directory
US20020095497A1 (en) 2001-01-17 2002-07-18 Satagopan Murli D. Caching user network access information within a network
US20020112155A1 (en) 2000-07-10 2002-08-15 Martherus Robin E. User Authentication
JP2002288087A (en) 2001-03-23 2002-10-04 Humming Heads Inc Information processor and method therefor, information processing system and control method thereof, and program
US6490289B1 (en) 1998-11-03 2002-12-03 Cisco Technology, Inc. Multiple network connections from a single PPP link with network address translation
US20020184398A1 (en) 1996-12-18 2002-12-05 Orenshteyn Alexander S. Secured system for accessing application services from a remote station
US20030005317A1 (en) 2001-06-28 2003-01-02 Audebert Yves Louis Gabriel Method and system for generating and verifying a key protection certificate
US20030014521A1 (en) 2001-06-28 2003-01-16 Jeremy Elson Open platform architecture for shared resource access management
US6516421B1 (en) 1999-10-27 2003-02-04 International Business Machines Corporation Method and means for adjusting the timing of user-activity-dependent changes of operational state of an apparatus
US20030026220A1 (en) * 2001-07-31 2003-02-06 Christopher Uhlik System and related methods to facilitate delivery of enhanced data services in a mobile wireless communications environment
US20030031184A1 (en) 2001-08-13 2003-02-13 Sbc Technology Resources, Inc. Authentication for use of high speed network resources
US20030035397A1 (en) 2001-08-17 2003-02-20 Amit Haller System, device and computer readable medium for providing networking services on a mobile device
US20030054860A1 (en) 2001-07-10 2003-03-20 E-Lead Electronic Co., Ltd. Telephone dialing apparatus capable of directly downloading telephone directory from mobile phone subscriber identity module card
US20030061087A1 (en) 2002-07-15 2003-03-27 Paul Srimuang Calendar scheduling of multiple persons resources and consumables with group access view restriction
US20030065676A1 (en) 2001-09-05 2003-04-03 Microsoft Corporation Methods and system of managing concurrent access to multiple resources
US20030070091A1 (en) 2001-10-05 2003-04-10 Loveland Shawn Domenic Granular authorization for network user sessions
US20030087629A1 (en) 2001-09-28 2003-05-08 Bluesocket, Inc. Method and system for managing data traffic in wireless networks
US20030093698A1 (en) 2001-11-14 2003-05-15 International Business Machines Corporation System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer
US20030120948A1 (en) 2001-12-21 2003-06-26 Schmidt Donald E. Authentication and authorization across autonomous network systems
US20030126437A1 (en) 2000-08-04 2003-07-03 First Data Corporation ABDS Method and Verification Status for Authenticating Entity Access
GB2378780B (en) 2001-08-14 2003-07-09 Elan Digital Systems Ltd Data integrity
US20030163685A1 (en) 2002-02-28 2003-08-28 Nokia Corporation Method and system to allow performance of permitted activity with respect to a device
US20030167405A1 (en) 2001-07-27 2003-09-04 Gregor Freund System methodology for automatic local network discovery and firewall reconfiguration for mobile computing devices
US20030177389A1 (en) 2002-03-06 2003-09-18 Zone Labs, Inc. System and methodology for security policy arbitration
US6647388B2 (en) 1999-12-16 2003-11-11 International Business Machines Corporation Access control system, access control method, storage medium and program transmission apparatus
US20030226015A1 (en) * 2002-05-31 2003-12-04 Neufeld E. David Method and apparatus for configuring security options in a computer system
US6668323B1 (en) 1999-03-03 2003-12-23 International Business Machines Corporation Method and system for password protection of a data processing system that permit a user-selected password to be recovered
US20030236983A1 (en) * 2002-06-21 2003-12-25 Mihm Thomas J. Secure data transfer in mobile terminals and methods therefor
US20040001101A1 (en) 2002-06-27 2004-01-01 Koninklijke Philips Electronics N.V. Active window switcher
WO2004017592A8 (en) 2002-08-19 2004-04-22 Research In Motion Ltd System and method for secure control of resources of wireless mobile communication device
US20040083382A1 (en) * 2002-10-28 2004-04-29 Secure Computing Corporation Associative policy model
US20040097217A1 (en) 2002-08-06 2004-05-20 Mcclain Fred System and method for providing authentication and authorization utilizing a personal wireless communication device
WO2004043031A1 (en) 2002-11-08 2004-05-21 Research In Motion Limited System and method of connection control for wireless mobile communication devices
US20040100983A1 (en) * 2002-11-26 2004-05-27 Shinsuke Suzuki Packet forwarding equipment
US6745047B1 (en) 2001-03-07 2004-06-01 Palmone, Inc. System and method for using a wireless enabled portable computer system as a wireless modem
US6748543B1 (en) 1998-09-17 2004-06-08 Cisco Technology, Inc. Validating connections to a network system
US20040121802A1 (en) 2002-12-24 2004-06-24 Samsung Electronics Co., Ltd. Hybrid mobile terminal and method for automatically powering on/off mobile phone
US6757821B1 (en) 1999-04-28 2004-06-29 Kabushiki Kaisha Toshiba Computer system and its operation environment switching method
US6772350B1 (en) 1998-05-15 2004-08-03 E.Piphany, Inc. System and method for controlling access to resources in a distributed environment
US6775536B1 (en) 1999-11-03 2004-08-10 Motorola, Inc Method for validating an application for use in a mobile communication device
US6785810B1 (en) 1999-08-31 2004-08-31 Espoc, Inc. System and method for providing secure transmission, search, and storage of data
US20040177073A1 (en) 2003-01-17 2004-09-09 Harry Snyder Executable application access management system
US6795967B1 (en) 1999-01-26 2004-09-21 Microsoft Corporation Changing user identities without closing applications
US6795688B1 (en) * 2001-01-19 2004-09-21 3Com Corporation Method and system for personal area network (PAN) degrees of mobility-based configuration
US20040209608A1 (en) * 2003-04-17 2004-10-21 Ntt Docomo, Inc. API system, method and computer program product for accessing content/security analysis functionality in a mobile communication framework
EP1471691A2 (en) 2003-04-22 2004-10-27 Samsung Electronics Co., Ltd. Device and method for hybrid wired and wireless communication
US6886038B1 (en) 2000-10-24 2005-04-26 Microsoft Corporation System and method for restricting data transfers and managing software components of distributed computers
US6895502B1 (en) 2000-06-08 2005-05-17 Curriculum Corporation Method and system for securely displaying and confirming request to perform operation on host computer
WO2005045550A2 (en) 2003-10-29 2005-05-19 Becrypt Limited Password recovery system and method
US6901429B2 (en) 2000-10-27 2005-05-31 Eric Morgan Dowling Negotiated wireless peripheral security systems
US20050154935A1 (en) 2004-01-12 2005-07-14 Samsung Electronics Co., Ltd. Mobile terminal and method for auto-locking thereof
US20050164687A1 (en) * 2003-12-01 2005-07-28 Interdigital Technology Corporation Implementation of controls by use of customer programmable portal
US20050192008A1 (en) 1999-03-31 2005-09-01 Nimesh Desai System and method for selective information exchange
US20050210270A1 (en) 2004-03-19 2005-09-22 Ceelox, Inc. Method for authenticating a user profile for providing user access to restricted information based upon biometric confirmation
US6957330B1 (en) 1999-03-01 2005-10-18 Storage Technology Corporation Method and system for secure information handling
US20050245272A1 (en) 2004-04-29 2005-11-03 Spaur Charles W Enabling interoperability between distributed devices using different communication link technologies
US6976241B2 (en) 2001-11-14 2005-12-13 Intel Corporation Cross platform administrative framework
US6978385B1 (en) 2000-03-01 2005-12-20 International Business Machines Corporation Data processing system and method for remote recovery of a primary password
US6999562B2 (en) * 2002-04-09 2006-02-14 Honeywell International Inc. Security control and communication system and method
US20060059556A1 (en) 2004-09-10 2006-03-16 Royer Barry L System for managing inactivity in concurrently operating executable applications
US20060070114A1 (en) 1999-08-05 2006-03-30 Sun Microsystems, Inc. Log-on service providing credential level change without loss of session continuity
US20060090136A1 (en) 2004-10-01 2006-04-27 Microsoft Corporation Methods and apparatus for implementing a virtualized computer system
GB2408179B (en) 2003-09-29 2006-05-10 Symbian Software Ltd Multi-user mobile telephone
US20060129848A1 (en) 2004-04-08 2006-06-15 Texas Instruments Incorporated Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor
US20060129948A1 (en) 2004-12-14 2006-06-15 Hamzy Mark J Method, system and program product for a window level security screen-saver
US20060149846A1 (en) 2002-10-11 2006-07-06 Marko Schuba Method for linking of devices
US20060156026A1 (en) 2002-10-25 2006-07-13 Daniil Utin Password encryption key
US20060168395A1 (en) 2002-11-18 2006-07-27 Guoshun Deng Method of sending command and data to movable storage device
US20060168259A1 (en) 2005-01-27 2006-07-27 Iknowware, Lp System and method for accessing data via Internet, wireless PDA, smartphone, text to voice and voice to text
US20060206931A1 (en) 2005-03-14 2006-09-14 Microsoft Corporation Access control policy engine controlling access to resource based on any of multiple received types of security tokens
US20060212589A1 (en) 2005-03-18 2006-09-21 Sap Aktiengesellschaft Session manager for web-based applications
US7146638B2 (en) 2002-06-27 2006-12-05 International Business Machines Corporation Firewall protocol providing additional information
US20070019643A1 (en) 2005-07-14 2007-01-25 Interdigital Technology Corporation Wireless communication system and method of implementing an evolved system attachment procedure
US20070050854A1 (en) 2005-09-01 2007-03-01 Microsoft Corporation Resource based dynamic security authorization
US20070073694A1 (en) 2005-09-26 2007-03-29 Jerome Picault Method and apparatus of determining access rights to content items
WO2006130807A3 (en) 2005-06-01 2007-05-24 Qualcomm Inc Selecting data interfaces in a multi-homing, multi-mode communication device
US20070156766A1 (en) 2006-01-03 2007-07-05 Khanh Hoang Relationship data management
US7246374B1 (en) 2000-03-13 2007-07-17 Microsoft Corporation Enhancing computer system security via multiple user desktops
EP1168141B1 (en) 2000-06-23 2007-08-29 Franklin Electronic Publishers, Incorporated A secure and open computer platform
US20070204166A1 (en) 2006-01-04 2007-08-30 Tome Agustin J Trusted host platform
US20070254631A1 (en) 2003-11-06 2007-11-01 Intuwave Limited Secure Multi-Entity Access to Resources on Mobile Telephones
US20070277127A1 (en) 2006-05-24 2007-11-29 Carlson Michael P Screensaver for individual application programs
EP1806674A3 (en) 2006-01-09 2007-12-12 Sun Microsystems, Inc. Method and apparatus for protection domain based security
US7315750B2 (en) 2004-08-06 2008-01-01 Industrial Technology Research Institute Method and system for selecting an access network in a heterogeneous network environment
US20080002726A1 (en) 2006-06-30 2008-01-03 Yieh-Ran Haung Multimedia-messaging-service (MMS) system and the service method thereof
US7331058B1 (en) 1999-12-16 2008-02-12 International Business Machines Corporation Distributed data structures for authorization and access control for computing resources
US20080081609A1 (en) 2006-09-29 2008-04-03 Motorola, Inc. Method and system for associating a user profile to a sim card
US20080098237A1 (en) 2006-10-20 2008-04-24 Dung Trung T Secure e-mail services system and methods implementing inversion of security control
US20080125146A1 (en) 2004-04-30 2008-05-29 David Bainbridge Accurate Timing of Sms Messages
US20080130524A1 (en) 2006-08-23 2008-06-05 Neustar, Inc. System and method for user account portability across communication systems
US20080134347A1 (en) 2006-08-09 2008-06-05 Vaultus Mobile Technologies, Inc. System for providing mobile data security
GB2440015B (en) 2007-05-18 2008-07-09 Cvon Innovations Ltd Allocation system and method
US7400878B2 (en) 2004-02-26 2008-07-15 Research In Motion Limited Computing device with environment aware features
US20080222711A1 (en) 2007-02-23 2008-09-11 Oliver Michaelis Method and Apparatus to Create Trust Domains Based on Proximity
US20080235041A1 (en) 2007-03-21 2008-09-25 Cashdollar Jeffrey J Enterprise data management
EP1624428A4 (en) 2003-05-14 2008-12-17 Jms Co Ltd Device for transmitting data via the internet
WO2009012329A2 (en) 2007-07-16 2009-01-22 Qualcomm Incorporated Method for supporting multiple diversified data applications with efficient use of network resources
WO2009014975A1 (en) 2007-07-20 2009-01-29 Check Point Software Technologies, Inc. System and methods providing secure workspace sessions
WO2009021200A1 (en) 2007-08-08 2009-02-12 Innopath Software, Inc. Managing and enforcing policies on mobile devices
US20090070181A1 (en) 2007-05-02 2009-03-12 Loeffen Karin M Method and system for an online reservation system for services selectable from multiple categories
US20090094668A1 (en) 2007-10-08 2009-04-09 International Business Machines Corporation Email privacy system and method
US20090178107A1 (en) 2008-01-09 2009-07-09 International Business Machines Corporation Access control policy conversion
US20090181662A1 (en) 2007-09-01 2009-07-16 David Fleischman Postponed Carrier Configuration
CN101523878A (en) 2006-09-28 2009-09-02 日本电气株式会社 Mobile terminal device, key operation lock method in the mobile terminal device, and program
US20090254753A1 (en) 2008-03-04 2009-10-08 Apple Inc. System and method of authorizing execution of software code based on accessible entitlements
US20090260052A1 (en) 2008-04-11 2009-10-15 Microsoft Corporation Inter-Process Message Security
US20100024020A1 (en) 2008-07-22 2010-01-28 Ernest Samuel Baugher Wireless mobile device with privacy groups that independently control access to resident application programs
US20100081417A1 (en) 2008-09-30 2010-04-01 Thomas William Hickie System and Method for Secure Management of Mobile User Access to Enterprise Network Resources
US20100088753A1 (en) 2008-10-03 2010-04-08 Microsoft Corporation Identity and authentication system using aliases
US20100107215A1 (en) 2008-10-28 2010-04-29 Yahoo! Inc. Scalable firewall policy management platform
US7721087B1 (en) 2006-03-24 2010-05-18 Symantec Corporation Cross UI platform alerting of security status
US7734284B2 (en) 2004-04-30 2010-06-08 Research In Motion Limited System and method for handling data transfers
US7751331B1 (en) 2005-05-09 2010-07-06 Cisco Technology, Inc. Technique for policy conflict resolution using priority with variance
US20100184440A1 (en) 2009-01-22 2010-07-22 Microsoft Corporation Mobile device network selection
US7765185B2 (en) 2003-01-13 2010-07-27 I2 Technologies Us, Inc. Enterprise solution framework incorporating a master data management system for centrally managing core reference data associated with an enterprise
US20100222097A1 (en) 2009-02-27 2010-09-02 Research In Motion Limited System and Method for Security on a Mobile Device using Multiple Communication Domains
US7793355B2 (en) * 2002-12-12 2010-09-07 Reasearch In Motion Limited System and method of owner control of electronic devices
US20100278162A1 (en) 2009-04-30 2010-11-04 Research In Mothion Limited Method of maintaining data collections in a mobile communication device
US20100281487A1 (en) 2009-05-03 2010-11-04 Research In Motion Limited Systems and methods for mobility server administration
US20100299394A1 (en) 2009-05-20 2010-11-25 International Business Machines Corporation User-configured alternate email rendering
US20100299376A1 (en) 2009-05-20 2010-11-25 Mobile Iron, Inc. Selective Management of Mobile Devices in an Enterprise Environment
US20100319053A1 (en) 2009-06-12 2010-12-16 Apple Inc. Devices with profile-based operating mode controls
US20100325430A1 (en) 2003-09-18 2010-12-23 Karl Denninghoff Globally unique identification in communications protocols and databases
US20100325221A1 (en) 2007-02-23 2010-12-23 Francis Cohen Method for inserting multimedia content into a computer communication by instant messaging
US20110010699A1 (en) 2009-07-09 2011-01-13 Simon Cooper Methods and Systems for Upgrade and Synchronization of Securely Installed Applications on a Computing Device
US7886053B1 (en) 2009-09-15 2011-02-08 Symantec Corporation Self-management of access control policy
US7921452B2 (en) 2005-08-23 2011-04-05 The Boeing Company Defining consistent access control policies
US20110082808A1 (en) 2009-10-01 2011-04-07 Blackboard Inc. Mobile integration of user-specific institutional content
US20110126214A1 (en) 2005-03-21 2011-05-26 O'farrell Robert Data Management for Mobile Data System
US20110145833A1 (en) 2009-12-15 2011-06-16 At&T Mobility Ii Llc Multiple Mode Mobile Device
US20110179083A1 (en) 2010-01-15 2011-07-21 Galloway Curtis C Accessing Specialized Fileserver
US20110195698A1 (en) 2002-12-12 2011-08-11 Research In Motion Limited Methods And Apparatus For Providing Restrictions On Communications Of A Wireless Communication Device
US20110210171A1 (en) 2010-02-26 2011-09-01 Research In Motion Limited Methods and devices for transmitting and receiving data used to activate a device to operate with a server
US20110252240A1 (en) 2010-04-07 2011-10-13 Gordie Freedman Mobile Device Management
US8074078B2 (en) 2006-05-15 2011-12-06 Research In Motion Limited System and method for remote reset of password and encryption key
US20110314467A1 (en) 2010-06-18 2011-12-22 At&T Intellectual Property I, L.P. Mobile Devices Having Plurality of Virtual Interfaces
US20120005723A1 (en) 2004-06-29 2012-01-05 Damaka, Inc. System and method for concurrent sessions in a peer-to-peer hybrid communications network
US20120023573A1 (en) 2010-07-23 2012-01-26 Jianxiong Jason Shi Method, apparatus and system for access mode control of a device
US20120054853A1 (en) 2010-08-24 2012-03-01 International Business Machines Corporation Systems and methods to control device endpoint behavior using personae and policies
WO2012037656A1 (en) 2010-09-24 2012-03-29 Research In Motion Limited Method for establishing a plurality of modes of operation on a mobile device
US20120079110A1 (en) 2010-09-24 2012-03-29 Research In Motion Limited Method and apparatus for differentiated access control
US20120079586A1 (en) 2010-09-24 2012-03-29 Research In Motion Limited Method and apparatus for differentiated access control
US20120109826A1 (en) 2010-10-28 2012-05-03 Ncr Corporation Techniques for conducting single or limited use purchases via a mobile device
US8208900B2 (en) 2008-03-04 2012-06-26 Apple Inc. Secure device configuration profiles
WO2012109497A1 (en) 2011-02-09 2012-08-16 Epals, Inc. Access control system and method
US20120214442A1 (en) 2011-02-21 2012-08-23 Crawford Carmela R Systems, methods and apparatus for controlling access to mobile devices
US20120214503A1 (en) 2011-02-18 2012-08-23 Qualcomm Innovation Center, Inc. Device, Method, and System for Receiving Content on a Mobile Computing Device
US20120278863A1 (en) 2005-09-30 2012-11-01 Apple Computer, Inc. Ad-hoc user account creation
US20120278904A1 (en) 2011-04-26 2012-11-01 Microsoft Corporation Content distribution regulation by viewing user
US20120291140A1 (en) 2009-06-26 2012-11-15 Arnaud Robert Method and System for Allocating Access to Digital Media Content
US20120309344A1 (en) 2011-06-01 2012-12-06 Research In Motion Limited Using Multiple User Accounts on a Mobile Device
US20130097657A1 (en) 2011-10-17 2013-04-18 Daniel Cardamore Dynamically Generating Perimeters
EP2337300B1 (en) 2009-12-21 2014-01-22 BlackBerry Limited Method of Securely Transferring Services Between Mobile Devices

Family Cites Families (198)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4881179A (en) 1988-03-11 1989-11-14 International Business Machines Corp. Method for providing information security protocols to an electronic calendar
US5864683A (en) 1994-10-12 1999-01-26 Secure Computing Corporartion System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5659544A (en) 1994-10-17 1997-08-19 Lucent Technologies Inc. Method and system for distributed control in wireless cellular and personal communication systems
US6272538B1 (en) * 1996-07-30 2001-08-07 Micron Technology, Inc. Method and system for establishing a security perimeter in computer networks
US6832256B1 (en) * 1996-12-27 2004-12-14 Intel Corporation Firewalls that filter based upon protocol commands
US6408336B1 (en) * 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US6125447A (en) 1997-12-11 2000-09-26 Sun Microsystems, Inc. Protection domains to provide security in a computer system
US6629246B1 (en) 1999-04-28 2003-09-30 Sun Microsystems, Inc. Single sign-on for a network system that includes multiple separately-controlled restricted access resources
US6539385B1 (en) * 1999-06-11 2003-03-25 Abuzz Technologies, Inc. Dual-use email system
US6546554B1 (en) 2000-01-21 2003-04-08 Sun Microsystems, Inc. Browser-independent and automatic apparatus and method for receiving, installing and launching applications from a browser on a client computer
US6799208B1 (en) 2000-05-02 2004-09-28 Microsoft Corporation Resource manager architecture
US6944677B1 (en) 2000-05-09 2005-09-13 Aspect Communications Corporation Common user profile server and method
US20020133554A1 (en) * 2000-05-25 2002-09-19 Daniel Checkoway E-mail answering agent
JP3526435B2 (en) 2000-06-08 2004-05-17 株式会社東芝 Network system
US6505200B1 (en) 2000-07-06 2003-01-07 International Business Machines Corporation Application-independent data synchronization technique
US7185192B1 (en) * 2000-07-07 2007-02-27 Emc Corporation Methods and apparatus for controlling access to a resource
US20020065946A1 (en) 2000-10-17 2002-05-30 Shankar Narayan Synchronized computing with internet widgets
US9819561B2 (en) 2000-10-26 2017-11-14 Liveperson, Inc. System and methods for facilitating object assignments
US7131000B2 (en) 2001-01-18 2006-10-31 Bradee Robert L Computer security system
US20020176378A1 (en) 2001-05-22 2002-11-28 Hamilton Thomas E. Platform and method for providing wireless data services
US7017162B2 (en) 2001-07-10 2006-03-21 Microsoft Corporation Application program interface for network software platform
US7317699B2 (en) 2001-10-26 2008-01-08 Research In Motion Limited System and method for controlling configuration settings for mobile communication devices and services
US20030084144A1 (en) 2001-10-30 2003-05-01 Lipinski Greg J. Network bandwidth optimization method and system
AUPR966001A0 (en) 2001-12-20 2002-01-24 Canon Information Systems Research Australia Pty Ltd A microprocessor card defining a custom user interface
US7950066B1 (en) * 2001-12-21 2011-05-24 Guardian Data Storage, Llc Method and system for restricting use of a clipboard application
JP4386732B2 (en) 2002-01-08 2009-12-16 セブン ネットワークス, インコーポレイテッド Mobile network connection architecture
US20030200459A1 (en) 2002-04-18 2003-10-23 Seeman El-Azar Method and system for protecting documents while maintaining their editability
US20030233410A1 (en) 2002-06-06 2003-12-18 International Business Machines Corporation Electronic carbon copy dissemination control
US7233786B1 (en) 2002-08-06 2007-06-19 Captaris, Inc. Providing access to information of multiple types via coordination of distinct information services
US7665125B2 (en) 2002-09-23 2010-02-16 Heard Robert W System and method for distribution of security policies for mobile devices
US20040083315A1 (en) 2002-10-25 2004-04-29 Aaron Grassian Integrated circuit for a multi-function handheld device
US9237514B2 (en) 2003-02-28 2016-01-12 Apple Inc. System and method for filtering access points presented to a user and locking onto an access point
US7526800B2 (en) 2003-02-28 2009-04-28 Novell, Inc. Administration of protection of data accessible by a mobile device
US7353533B2 (en) 2002-12-18 2008-04-01 Novell, Inc. Administration of protection of data accessible by a mobile device
AU2003300431A1 (en) 2002-12-31 2004-07-29 Bitfone Corporation Management of service components installed in an electronic device in a mobile services network
US7779247B2 (en) 2003-01-09 2010-08-17 Jericho Systems Corporation Method and system for dynamically implementing an enterprise resource policy
MY141160A (en) 2003-01-13 2010-03-31 Multimedia Glory Sdn Bhd System and method of preventing the transmission of known and unknown electronic content to and from servers or workstations connected to a common network
US9197668B2 (en) 2003-02-28 2015-11-24 Novell, Inc. Access control to files based on source information
US20040260710A1 (en) 2003-02-28 2004-12-23 Marston Justin P. Messaging system
US7644290B2 (en) 2003-03-31 2010-01-05 Power Measurement Ltd. System and method for seal tamper detection for intelligent electronic devices
JP4119295B2 (en) * 2003-04-07 2008-07-16 東京エレクトロン株式会社 Maintenance / diagnosis data storage server, maintenance / diagnosis data storage / acquisition system, maintenance / diagnosis data storage / provision system
US7685254B2 (en) 2003-06-10 2010-03-23 Pandya Ashish A Runtime adaptable search processor
US7469417B2 (en) 2003-06-17 2008-12-23 Electronic Data Systems Corporation Infrastructure method and system for authenticated dynamic security domain boundary extension
US7149897B2 (en) * 2003-07-25 2006-12-12 The United States Of America As Represented By The Secretary Of The Navy Systems and methods for providing increased computer security
US7515717B2 (en) 2003-07-31 2009-04-07 International Business Machines Corporation Security containers for document components
US20070147315A1 (en) 2003-10-16 2007-06-28 Telefonaktiebolaget L M Ericsson (Publ) Access to cdma/umts services over a wlan acccess point using a gateway node
WO2005043360A1 (en) 2003-10-21 2005-05-12 Green Border Technologies Systems and methods for secure client applications
US7437362B1 (en) 2003-11-26 2008-10-14 Guardium, Inc. System and methods for nonintrusive database security
US8544062B2 (en) 2003-12-03 2013-09-24 Safend Ltd. Method and system for improving computer network security
FI116764B (en) 2003-12-22 2006-02-15 Nokia Corp Method for Sharing Calendar Content in a Communication System, a Communication System, and a Terminal
US7543331B2 (en) 2003-12-22 2009-06-02 Sun Microsystems, Inc. Framework for providing a configurable firewall for computing systems
JP4227035B2 (en) 2004-02-03 2009-02-18 株式会社日立製作所 Computer system, management device, storage device, and computer device
US20050182966A1 (en) * 2004-02-17 2005-08-18 Duc Pham Secure interprocess communications binding system and methods
EP1596410A1 (en) 2004-03-30 2005-11-16 LG Electronics Inc. Plasma display panel and manufacture method thereof
US8526428B2 (en) 2004-04-08 2013-09-03 Gryphon Networks Corp. System and method for control of communications connections and notifications
US20080194336A1 (en) 2004-06-07 2008-08-14 Gagner Mark B Gaming Device with Resources Swapping
US8503340B1 (en) 2004-07-11 2013-08-06 Yongyong Xu WiFi phone system
US20060015621A1 (en) 2004-07-13 2006-01-19 Quinn Liam B System and method for information handling system task selective wireless networking
US7603466B2 (en) 2004-07-19 2009-10-13 Sap (Ag) Mobile collaborative peer-to-peer business applications
US7496954B1 (en) 2004-11-22 2009-02-24 Sprint Communications Company L.P. Single sign-on system and method
US7512987B2 (en) 2004-12-03 2009-03-31 Motion Picture Association Of America Adaptive digital rights management system for plural device domains
US7689653B2 (en) 2005-01-18 2010-03-30 International Business Machines Corporation Apparatus and method controlling use of individual segments of instant messaging content
EP1842392B1 (en) 2005-01-21 2014-01-01 Oracle Israel Ltd. Service convergence across multiple communication domains
US8495700B2 (en) 2005-02-28 2013-07-23 Mcafee, Inc. Mobile data security system and methods
US7770206B2 (en) 2005-03-11 2010-08-03 Microsoft Corporation Delegating right to access resource or the like in access management system
CA2524849A1 (en) 2005-10-28 2007-04-28 Overcow Corporation Method of providing secure access to computer resources
US7966654B2 (en) 2005-11-22 2011-06-21 Fortinet, Inc. Computerized system and method for policy-based content filtering
US20070143851A1 (en) 2005-12-21 2007-06-21 Fiberlink Method and systems for controlling access to computing resources based on known security vulnerabilities
US8959339B2 (en) 2005-12-23 2015-02-17 Texas Instruments Incorporated Method and system for preventing unauthorized processor mode switches
US8627490B2 (en) 2005-12-29 2014-01-07 Nextlabs, Inc. Enforcing document control in an information management system
CN101004694B (en) 2006-01-09 2012-05-30 太阳微系统有限公司 Method and apparatus for data transfer between isolated execution contexts
US9038071B2 (en) 2006-03-30 2015-05-19 Microsoft Technology Licensing, Llc Operating system context isolation of application execution
US8565766B2 (en) 2007-02-05 2013-10-22 Wefi Inc. Dynamic network connection system and method
US20070294253A1 (en) 2006-06-20 2007-12-20 Lyle Strub Secure domain information protection apparatus and methods
US8656461B2 (en) 2006-07-28 2014-02-18 Microsoft Corporation Copy-paste trust system
US8495181B2 (en) 2006-08-03 2013-07-23 Citrix Systems, Inc Systems and methods for application based interception SSI/VPN traffic
US8869262B2 (en) 2006-08-03 2014-10-21 Citrix Systems, Inc. Systems and methods for application based interception of SSL/VPN traffic
US7843912B2 (en) 2006-08-03 2010-11-30 Citrix Systems, Inc. Systems and methods of fine grained interception of network communications on a virtual private network
US9720569B2 (en) 2006-08-14 2017-08-01 Soasta, Inc. Cloud-based custom metric/timer definitions and real-time analytics of mobile applications
US8355333B2 (en) 2006-08-31 2013-01-15 Ciena Corporation Methods and systems for session initiation protocol control of network equipment
US8145493B2 (en) 2006-09-11 2012-03-27 Nuance Communications, Inc. Establishing a preferred mode of interaction between a user and a multimodal application
CN101536465B (en) 2006-09-27 2012-05-23 意大利电信股份公司 An apparatus and method for implementing configurable resource management policies
US8584199B1 (en) 2006-10-17 2013-11-12 A10 Networks, Inc. System and method to apply a packet routing policy to an application session
US8259568B2 (en) 2006-10-23 2012-09-04 Mcafee, Inc. System and method for controlling mobile device access to a network
US8261345B2 (en) 2006-10-23 2012-09-04 Endeavors Technologies, Inc. Rule-based application access management
US7769779B2 (en) 2006-11-02 2010-08-03 Microsoft Corporation Reverse name mappings in restricted namespace environments
US20080141136A1 (en) 2006-12-12 2008-06-12 Microsoft Corporation Clipping Synchronization and Sharing
US7853925B2 (en) 2006-12-13 2010-12-14 Sap Ag System and method for managing hierarchical software development
US8010991B2 (en) 2007-01-29 2011-08-30 Cisco Technology, Inc. Policy resolution in an entitlement management system
US8856782B2 (en) 2007-03-01 2014-10-07 George Mason Research Foundation, Inc. On-demand disposable virtual work system
US8187100B1 (en) 2007-03-02 2012-05-29 Dp Technologies, Inc. Shared execution of hybrid states
JP4973246B2 (en) 2007-03-09 2012-07-11 日本電気株式会社 Access right management system, server, and access right management program
US8782786B2 (en) 2007-03-30 2014-07-15 Sophos Limited Remedial action against malicious code at a client facility
CL2008001091A1 (en) 2007-04-19 2009-01-09 Telefonica Sa Method for the management of personal information, based on a model of the human mind.
US20080305832A1 (en) 2007-06-07 2008-12-11 Microsoft Corporation Sharing profile mode
US10019570B2 (en) 2007-06-14 2018-07-10 Microsoft Technology Licensing, Llc Protection and communication abstractions for web browsers
US8484464B2 (en) 2007-06-15 2013-07-09 Research In Motion Limited Method and devices for providing secure data backup from a mobile communication device to an external computing device
US8463253B2 (en) 2007-06-21 2013-06-11 Verizon Patent And Licensing Inc. Flexible lifestyle portable communications device
US8122362B2 (en) * 2007-07-20 2012-02-21 Microsoft Corporation Control and visibility for digital calendar sharing
US8341726B2 (en) 2007-07-23 2012-12-25 International Business Machines Corporation System and method for controlling email propagation
EP2034775B1 (en) 2007-07-27 2010-05-26 Research In Motion Limited Apparatus and methods for operation of a wireless server
US8667482B2 (en) 2007-08-10 2014-03-04 Microsoft Corporation Automated application modeling for application virtualization
WO2009028629A1 (en) 2007-08-29 2009-03-05 Takeda Pharmaceutical Company Limited Heterocyclic compound and use thereof
WO2009036184A2 (en) 2007-09-11 2009-03-19 Research In Motion Limited System and method for sharing a sip communication service identifier
US8127237B2 (en) 2007-09-24 2012-02-28 Sap Ag Active business client
CN101897165B (en) 2007-10-30 2013-06-12 意大利电信股份公司 Method of authentication of users in data processing systems
ES2492668T3 (en) 2007-11-29 2014-09-10 Jasper Wireless, Inc. Method and devices to improve manageability in wireless data communication systems
US20100175104A1 (en) 2008-03-03 2010-07-08 Khalid Atm Shafiqul Safe and secure program execution framework with guest application space
US8516095B2 (en) 2008-05-23 2013-08-20 Research In Motion Limited Remote administration of mobile wireless devices
US8041346B2 (en) 2008-05-29 2011-10-18 Research In Motion Limited Method and system for establishing a service relationship between a mobile communication device and a mobile data server for connecting to a wireless network
US8539544B2 (en) 2008-05-30 2013-09-17 Motorola Mobility Llc Method of optimizing policy conformance check for a device with a large set of posture attribute combinations
US8924469B2 (en) 2008-06-05 2014-12-30 Headwater Partners I Llc Enterprise access control and accounting allocation for access networks
US9026918B2 (en) 2008-10-16 2015-05-05 Accenture Global Services Limited Enabling a user device to access enterprise data
US8087067B2 (en) 2008-10-21 2011-12-27 Lookout, Inc. Secure mobile platform system
US9781148B2 (en) 2008-10-21 2017-10-03 Lookout, Inc. Methods and systems for sharing risk responses between collections of mobile communications devices
US8347386B2 (en) 2008-10-21 2013-01-01 Lookout, Inc. System and method for server-coupled malware prevention
US8108933B2 (en) 2008-10-21 2012-01-31 Lookout, Inc. System and method for attack and malware prevention
US8060936B2 (en) 2008-10-21 2011-11-15 Lookout, Inc. Security status and information display system
US8533844B2 (en) 2008-10-21 2013-09-10 Lookout, Inc. System and method for security data collection and analysis
US8538001B2 (en) 2008-11-12 2013-09-17 Computer Sciences Corporation Telecommunication redirect system and method
US8407721B2 (en) 2008-12-12 2013-03-26 Microsoft Corporation Communication interface selection on multi-homed devices
US20140071895A1 (en) 2008-12-12 2014-03-13 Ryan H. Bane Network Selection Based On Customizing Crowdsourced Connection Quality Data
JP5296221B2 (en) 2008-12-29 2013-09-25 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Method for installing application in NFC-compatible device, NFC-compatible device, server node, computer-readable medium, and computer program
US20100192224A1 (en) 2009-01-26 2010-07-29 International Business Machines Corporation Sandbox web navigation
US9426179B2 (en) 2009-03-17 2016-08-23 Sophos Limited Protecting sensitive information from a secure data store
US20100241579A1 (en) 2009-03-19 2010-09-23 Microsoft Corporation Feed Content Presentation
WO2010117623A2 (en) 2009-03-31 2010-10-14 Coach Wei System and method for access management and security protection for network accessible computer services
CN107332816A (en) 2009-04-20 2017-11-07 交互数字专利控股公司 The system of multiple domains and domain ownership
US9197417B2 (en) 2009-04-24 2015-11-24 Microsoft Technology Licensing, Llc Hosted application sandbox model
US8850549B2 (en) 2009-05-01 2014-09-30 Beyondtrust Software, Inc. Methods and systems for controlling access to resources and privileges per process
US20100299152A1 (en) 2009-05-20 2010-11-25 Mobile Iron, Inc. Selective Management of Mobile Devices in an Enterprise Environment
US8898748B2 (en) 2009-05-21 2014-11-25 Mobile Iron, Inc. Remote verification for configuration updates
SG177156A1 (en) 2009-06-16 2012-01-30 Intel Corp Camera applications in a handheld device
US9047458B2 (en) 2009-06-19 2015-06-02 Deviceauthority, Inc. Network access protection
US8566391B2 (en) 2009-08-13 2013-10-22 Hitachi, Ltd. System and method for evaluating application suitability in execution environment
US8688095B2 (en) 2009-08-26 2014-04-01 At&T Intellectual Property I, L.P. Multiple user profiles and personas on a device
US7890627B1 (en) 2009-09-02 2011-02-15 Sophos Plc Hierarchical statistical model of internet reputation
US8271450B2 (en) 2009-10-01 2012-09-18 Vmware, Inc. Monitoring a data structure in a virtual machine and determining if memory pages containing the data structure are swapped into or out of guest physical memory
US10110602B2 (en) 2009-12-01 2018-10-23 Kct Holdings, Llc Secure internal data network communication interfaces
US8832425B2 (en) 2009-12-01 2014-09-09 Information Assurance Specialists, Inc. Wide area network access management computer
US9684785B2 (en) 2009-12-17 2017-06-20 Red Hat, Inc. Providing multiple isolated execution environments for securely accessing untrusted content
US8856349B2 (en) 2010-02-05 2014-10-07 Sling Media Inc. Connection priority services for data communication between two devices
US8180893B1 (en) 2010-03-15 2012-05-15 Symantec Corporation Component-level sandboxing
US20110239270A1 (en) 2010-03-26 2011-09-29 Nokia Corporation Method and apparatus for providing heterogeneous security management
US9390263B2 (en) 2010-03-31 2016-07-12 Sophos Limited Use of an application controller to monitor and control software file and application environments
US8510552B2 (en) 2010-04-07 2013-08-13 Apple Inc. System and method for file-level data protection
US9244700B2 (en) 2010-05-09 2016-01-26 Citrix Systems, Inc. Methods and systems for delivering applications from a desktop operating system
US8434135B2 (en) 2010-06-11 2013-04-30 Microsoft Corporation Creating and launching a web application with credentials
US8458787B2 (en) 2010-06-30 2013-06-04 Juniper Networks, Inc. VPN network client for mobile device having dynamically translated user home page
US8473734B2 (en) 2010-06-30 2013-06-25 Juniper Networks, Inc. Multi-service VPN network client for mobile device having dynamic failover
US20130174222A1 (en) 2010-09-13 2013-07-04 Thomson Licensing Method and apparatus for an ephemeral trusted device
US20120066691A1 (en) 2010-09-14 2012-03-15 Paul Keith Branton Private application clipboard
US8495731B1 (en) 2010-10-01 2013-07-23 Viasat, Inc. Multiple domain smartphone
US8869307B2 (en) 2010-11-19 2014-10-21 Mobile Iron, Inc. Mobile posture-based policy, remediation and access control for enterprise resources
US20120151184A1 (en) 2010-12-10 2012-06-14 Daniel Shawcross Wilkerson Hard object: constraining control flow and providing lightweight kernel crossings
US8931042B1 (en) 2010-12-10 2015-01-06 CellSec, Inc. Dividing a data processing device into separate security domains
US9934166B2 (en) 2010-12-10 2018-04-03 Daniel Shawcross Wilkerson Hard object: constraining control flow and providing lightweight kernel crossings
US8856950B2 (en) 2010-12-21 2014-10-07 Lg Electronics Inc. Mobile terminal and method of managing information therein including first operating system acting in first mode and second operating system acting in second mode
AU2011202832B2 (en) 2010-12-21 2013-01-24 Lg Electronics Inc. Mobile terminal and method of controlling a mode switching therein
US8595821B2 (en) 2011-01-14 2013-11-26 International Business Machines Corporation Domains based security for clusters
US8832389B2 (en) 2011-01-14 2014-09-09 International Business Machines Corporation Domain based access control of physical memory space
US8429191B2 (en) 2011-01-14 2013-04-23 International Business Machines Corporation Domain based isolation of objects
US8549656B2 (en) 2011-02-11 2013-10-01 Mocana Corporation Securing and managing apps on a device
US9027151B2 (en) 2011-02-17 2015-05-05 Red Hat, Inc. Inhibiting denial-of-service attacks using group controls
US9582139B1 (en) 2011-05-26 2017-02-28 Google Inc. Multi-level mobile device profiles
US10078755B2 (en) 2011-05-27 2018-09-18 Apple Inc. Private and public applications
US9619417B2 (en) 2011-06-17 2017-04-11 Alcatel Lucent Method and apparatus for remote delivery of managed USB services via a mobile computing device
KR102071695B1 (en) 2011-07-12 2020-01-31 인터디지탈 패튼 홀딩스, 인크 Method and apparatus for multi-rat access mode operation
US8588749B1 (en) 2011-09-01 2013-11-19 Cellco Partnership Data segmentation profiles
US10165007B2 (en) 2011-09-15 2018-12-25 Microsoft Technology Licensing, Llc Securing data usage in computing devices
US9143529B2 (en) 2011-10-11 2015-09-22 Citrix Systems, Inc. Modifying pre-existing mobile applications to implement enterprise security policies
US9280377B2 (en) 2013-03-29 2016-03-08 Citrix Systems, Inc. Application with multiple operation modes
US20140032733A1 (en) 2011-10-11 2014-01-30 Citrix Systems, Inc. Policy-Based Application Management
US9161226B2 (en) 2011-10-17 2015-10-13 Blackberry Limited Associating services to perimeters
US8881289B2 (en) 2011-10-18 2014-11-04 Mcafee, Inc. User behavioral risk assessment
US9613219B2 (en) 2011-11-10 2017-04-04 Blackberry Limited Managing cross perimeter access
US8799227B2 (en) 2011-11-11 2014-08-05 Blackberry Limited Presenting metadata from multiple perimeters
US9256758B2 (en) 2011-11-29 2016-02-09 Dell Products L.P. Mode sensitive encryption
EP2629478B1 (en) 2012-02-16 2018-05-16 BlackBerry Limited Method and apparatus for separation of connection data by perimeter type
US9369466B2 (en) 2012-06-21 2016-06-14 Blackberry Limited Managing use of network resources
US8726343B1 (en) 2012-10-12 2014-05-13 Citrix Systems, Inc. Managing dynamic policies and settings in an orchestration framework for connected devices
US8656016B1 (en) 2012-10-24 2014-02-18 Blackberry Limited Managing application execution and data access on a device
US9075967B2 (en) 2012-12-31 2015-07-07 Aaron Marshall Mobile device security using multiple profiles
US10461937B1 (en) 2013-12-18 2019-10-29 Amazon Technologies, Inc. Hypervisor supported secrets compartment
ES2768575T3 (en) 2014-09-04 2020-06-23 Huawei Tech Co Ltd Method to sync forwarding tables, network device and system
WO2016099357A1 (en) 2014-12-19 2016-06-23 Telefonaktiebolaget Lm Ericsson (Publ) Methods and first network node for managing a stream control transmission protocol association
US10187321B2 (en) 2015-08-19 2019-01-22 Cisco Technology, Inc. Dynamic VPN policy model with encryption and traffic engineering resolution
US10148741B2 (en) 2015-09-17 2018-12-04 Dell Products L.P. Multi-homing load balancing system
US10412012B2 (en) 2015-09-22 2019-09-10 Arris Enterprises Llc Intelligent, load adaptive, and self optimizing master node selection in an extended bridge
US10409983B2 (en) 2015-11-23 2019-09-10 Armor Defense, Inc. Detecting malicious instructions in a virtual machine memory
US10237163B2 (en) 2015-12-30 2019-03-19 Juniper Networks, Inc. Static route advertisement
US9825805B2 (en) 2016-02-18 2017-11-21 Dell Products L.P. Multi-homing internet service provider switchover system
US10778779B2 (en) 2016-06-17 2020-09-15 Huawei Technologies Co., Ltd. Method and system for session management for ultra reliable and low latency communications in high mobility scenarios
US10993165B2 (en) 2016-12-27 2021-04-27 Veniam, Inc. Flexible support of multi-homing in networks of moving things including autonomous vehicles based networks
US10531420B2 (en) 2017-01-05 2020-01-07 Huawei Technologies Co., Ltd. Systems and methods for application-friendly protocol data unit (PDU) session management
GB201809702D0 (en) 2018-06-13 2018-08-01 Qubeeo Ltd Content analysis
EP3877854A4 (en) 2018-11-08 2022-08-10 INTEL Corporation Function as a service (faas) system enhancements
US11599629B2 (en) 2019-01-31 2023-03-07 Rubrik, Inc. Real-time detection of system threats

Patent Citations (217)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4945556A (en) 1985-07-09 1990-07-31 Alpine Electronics Inc. Method of locking function of mobile telephone system
US4837812A (en) 1985-12-21 1989-06-06 Ricoh Company, Ltd. Dual connection mode equipped communication control apparatus
US4815128A (en) 1986-07-03 1989-03-21 Motorola, Inc. Gateway system and method for interconnecting telephone calls with a digital voice protected radio network
US4991197A (en) 1988-09-01 1991-02-05 Intelligence Technology Corporation Method and apparatus for controlling transmission of voice and data signals
US4972457A (en) 1989-01-19 1990-11-20 Spectrum Information Technologies, Inc. Portable hybrid communication system and methods
US5802483A (en) 1989-10-31 1998-09-01 Morris; Walker C. Method and apparatus for transmission of data and voice
US5220604A (en) 1990-09-28 1993-06-15 Digital Equipment Corporation Method for performing group exclusion in hierarchical group structures
US5408520A (en) 1992-11-09 1995-04-18 Compaq Computer Corporation Modem for tight coupling between a computer and a cellular telephone
EP0605106A1 (en) 1992-12-03 1994-07-06 Data Security, Inc. Computer security metapolicy system
US5606594A (en) 1994-01-27 1997-02-25 Dell Usa, L.P. Communication accessory and method of telecommunicating for a PDA
WO1996025828A1 (en) 1995-02-15 1996-08-22 Nokia Mobile Phones Ltd. A method for using applications in a mobile station, a mobile station, and a system for effecting payments
US5850515A (en) 1995-03-17 1998-12-15 Advanced Micro Devices, Inc. Intrusion control in repeater based networks
US5774551A (en) 1995-08-07 1998-06-30 Sun Microsystems, Inc. Pluggable account management interface with unified login and logout and multiple user authentication services
US5864765A (en) 1996-03-01 1999-01-26 Telefonaktiebolaget Lm Ericsson Method and arrangement relating to mobile telephone terminals
US6343313B1 (en) 1996-03-26 2002-01-29 Pixion, Inc. Computer conferencing system with real-time multipoint, multi-speed, multi-stream scalability
US6351816B1 (en) 1996-05-30 2002-02-26 Sun Microsystems, Inc. System and method for securing a program's execution in a network environment
US5987440A (en) 1996-07-22 1999-11-16 Cyva Research Corporation Personal information security and exchange tool
US6285889B1 (en) 1996-08-08 2001-09-04 Nokia Mobile Phones Limited Information output system, method for outputting information and terminal devices for outputting information via mobile communication network
US5826265A (en) 1996-12-06 1998-10-20 International Business Machines Corporation Data management system having shared libraries
US6088693A (en) 1996-12-06 2000-07-11 International Business Machines Corporation Data management system for file and database management
US20020184398A1 (en) 1996-12-18 2002-12-05 Orenshteyn Alexander S. Secured system for accessing application services from a remote station
US5987611A (en) 1996-12-31 1999-11-16 Zone Labs, Inc. System and methodology for managing internet access on a per application basis for client computers connected to the internet
US6105132A (en) 1997-02-20 2000-08-15 Novell, Inc. Computer network graded authentication system and method
US6233446B1 (en) 1997-04-08 2001-05-15 Telefonaktiebolaget Lm Ericsson Arrangement for improving security in a communication system supporting user mobility
US6243756B1 (en) 1997-06-23 2001-06-05 Compaq Computer Corporation Network device with unified management
WO1999005814A2 (en) 1997-07-24 1999-02-04 Worldtalk Corporation E-mail firewall with stored key encryption/decryption
US6052735A (en) 1997-10-24 2000-04-18 Microsoft Corporation Electronic mail object synchronization between a desktop computer and mobile device
US6131136A (en) 1997-12-12 2000-10-10 Gateway 2000, Inc. Dual mode modem for automatically selecting between wireless and wire-based communication modes
US6405202B1 (en) 1998-04-27 2002-06-11 Trident Systems, Inc. System and method for adding property level security to an object oriented database
US6772350B1 (en) 1998-05-15 2004-08-03 E.Piphany, Inc. System and method for controlling access to resources in a distributed environment
US6219694B1 (en) * 1998-05-29 2001-04-17 Research In Motion Limited System and method for pushing information from a host system to a mobile data communication device having a shared electronic address
US6253326B1 (en) 1998-05-29 2001-06-26 Palm, Inc. Method and system for secure communications
EP0973350A3 (en) 1998-07-17 2000-04-19 Phone.Com Inc. Method and apparatus for providing access control to local services of mobile devices
US6292798B1 (en) 1998-09-09 2001-09-18 International Business Machines Corporation Method and system for controlling access to data resources and protecting computing system resources from unauthorized access
US6748543B1 (en) 1998-09-17 2004-06-08 Cisco Technology, Inc. Validating connections to a network system
US6412070B1 (en) 1998-09-21 2002-06-25 Microsoft Corporation Extensible security system and method for controlling access to objects in a computing environment
US6360322B1 (en) 1998-09-28 2002-03-19 Symantec Corporation Automatic recovery of forgotten passwords
US6490289B1 (en) 1998-11-03 2002-12-03 Cisco Technology, Inc. Multiple network connections from a single PPP link with network address translation
US6795967B1 (en) 1999-01-26 2004-09-21 Microsoft Corporation Changing user identities without closing applications
JP2000253241A (en) 1999-02-26 2000-09-14 Matsushita Electric Ind Co Ltd Data monitoring method and device therefor
US6957330B1 (en) 1999-03-01 2005-10-18 Storage Technology Corporation Method and system for secure information handling
US6668323B1 (en) 1999-03-03 2003-12-23 International Business Machines Corporation Method and system for password protection of a data processing system that permit a user-selected password to be recovered
WO2000059225A1 (en) 1999-03-26 2000-10-05 Motorola Inc. Secure wireless electronic-commerce system with wireless network domain
US20050192008A1 (en) 1999-03-31 2005-09-01 Nimesh Desai System and method for selective information exchange
WO2000060434A1 (en) 1999-04-06 2000-10-12 Microsoft Corporation Method and system for controlling execution of computer programs
US6757821B1 (en) 1999-04-28 2004-06-29 Kabushiki Kaisha Toshiba Computer system and its operation environment switching method
US20060070114A1 (en) 1999-08-05 2006-03-30 Sun Microsystems, Inc. Log-on service providing credential level change without loss of session continuity
US6785810B1 (en) 1999-08-31 2004-08-31 Espoc, Inc. System and method for providing secure transmission, search, and storage of data
JP2001077811A (en) 1999-09-01 2001-03-23 Akuton Technology Kk Network interface card
US6516421B1 (en) 1999-10-27 2003-02-04 International Business Machines Corporation Method and means for adjusting the timing of user-activity-dependent changes of operational state of an apparatus
US6775536B1 (en) 1999-11-03 2004-08-10 Motorola, Inc Method for validating an application for use in a mobile communication device
US6647388B2 (en) 1999-12-16 2003-11-11 International Business Machines Corporation Access control system, access control method, storage medium and program transmission apparatus
US7331058B1 (en) 1999-12-16 2008-02-12 International Business Machines Corporation Distributed data structures for authorization and access control for computing resources
JP2001203761A (en) 2000-01-20 2001-07-27 Dainippon Printing Co Ltd Repeater and network system provided with the same
US6978385B1 (en) 2000-03-01 2005-12-20 International Business Machines Corporation Data processing system and method for remote recovery of a primary password
US20010047485A1 (en) 2000-03-06 2001-11-29 Daniel Brown Computer security system
US7246374B1 (en) 2000-03-13 2007-07-17 Microsoft Corporation Enhancing computer system security via multiple user desktops
US6895502B1 (en) 2000-06-08 2005-05-17 Curriculum Corporation Method and system for securely displaying and confirming request to perform operation on host computer
US20010056549A1 (en) 2000-06-08 2001-12-27 Alcatel Method of providing access control for and/or vis-a-vis users accessing the internet from terminals via a private access node, and arrangements for putting this kind of method into practice
EP1168141B1 (en) 2000-06-23 2007-08-29 Franklin Electronic Publishers, Incorporated A secure and open computer platform
US20020112155A1 (en) 2000-07-10 2002-08-15 Martherus Robin E. User Authentication
US20020013815A1 (en) 2000-07-28 2002-01-31 Obradovich Michael L. Technique for effective organization and communication of information
US20120202527A1 (en) 2000-07-28 2012-08-09 Obradovich Michael L Technique for effective organization and communication of information
US20030126437A1 (en) 2000-08-04 2003-07-03 First Data Corporation ABDS Method and Verification Status for Authenticating Entity Access
US20020019944A1 (en) 2000-08-14 2002-02-14 International Business Machines Corporation Method and system for granting acces to information for electronic commerce
US20020031230A1 (en) 2000-08-15 2002-03-14 Sweet William B. Method and apparatus for a web-based application service model for security management
US20020095414A1 (en) 2000-10-19 2002-07-18 General Electric Company Delegated administration of information in a database directory
US6886038B1 (en) 2000-10-24 2005-04-26 Microsoft Corporation System and method for restricting data transfers and managing software components of distributed computers
US6901429B2 (en) 2000-10-27 2005-05-31 Eric Morgan Dowling Negotiated wireless peripheral security systems
US20020087880A1 (en) * 2000-12-29 2002-07-04 Storage Technology Corporation Secure gateway multiple automated data storage system sharing
US20020095497A1 (en) 2001-01-17 2002-07-18 Satagopan Murli D. Caching user network access information within a network
US6795688B1 (en) * 2001-01-19 2004-09-21 3Com Corporation Method and system for personal area network (PAN) degrees of mobility-based configuration
US6745047B1 (en) 2001-03-07 2004-06-01 Palmone, Inc. System and method for using a wireless enabled portable computer system as a wireless modem
JP2002288087A (en) 2001-03-23 2002-10-04 Humming Heads Inc Information processor and method therefor, information processing system and control method thereof, and program
US20030005317A1 (en) 2001-06-28 2003-01-02 Audebert Yves Louis Gabriel Method and system for generating and verifying a key protection certificate
US20030014521A1 (en) 2001-06-28 2003-01-16 Jeremy Elson Open platform architecture for shared resource access management
US20030054860A1 (en) 2001-07-10 2003-03-20 E-Lead Electronic Co., Ltd. Telephone dialing apparatus capable of directly downloading telephone directory from mobile phone subscriber identity module card
US20030167405A1 (en) 2001-07-27 2003-09-04 Gregor Freund System methodology for automatic local network discovery and firewall reconfiguration for mobile computing devices
US20030026220A1 (en) * 2001-07-31 2003-02-06 Christopher Uhlik System and related methods to facilitate delivery of enhanced data services in a mobile wireless communications environment
US20030031184A1 (en) 2001-08-13 2003-02-13 Sbc Technology Resources, Inc. Authentication for use of high speed network resources
US7187678B2 (en) 2001-08-13 2007-03-06 At&T Labs, Inc. Authentication for use of high speed network resources
GB2378780B (en) 2001-08-14 2003-07-09 Elan Digital Systems Ltd Data integrity
US20030035397A1 (en) 2001-08-17 2003-02-20 Amit Haller System, device and computer readable medium for providing networking services on a mobile device
US20030065676A1 (en) 2001-09-05 2003-04-03 Microsoft Corporation Methods and system of managing concurrent access to multiple resources
US20030087629A1 (en) 2001-09-28 2003-05-08 Bluesocket, Inc. Method and system for managing data traffic in wireless networks
US7042988B2 (en) 2001-09-28 2006-05-09 Bluesocket, Inc. Method and system for managing data traffic in wireless networks
US20030070091A1 (en) 2001-10-05 2003-04-10 Loveland Shawn Domenic Granular authorization for network user sessions
US7076797B2 (en) 2001-10-05 2006-07-11 Microsoft Corporation Granular authorization for network user sessions
US20030093698A1 (en) 2001-11-14 2003-05-15 International Business Machines Corporation System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer
US6976241B2 (en) 2001-11-14 2005-12-13 Intel Corporation Cross platform administrative framework
US20030120948A1 (en) 2001-12-21 2003-06-26 Schmidt Donald E. Authentication and authorization across autonomous network systems
US20030163685A1 (en) 2002-02-28 2003-08-28 Nokia Corporation Method and system to allow performance of permitted activity with respect to a device
US20030177389A1 (en) 2002-03-06 2003-09-18 Zone Labs, Inc. System and methodology for security policy arbitration
US6999562B2 (en) * 2002-04-09 2006-02-14 Honeywell International Inc. Security control and communication system and method
US20030226015A1 (en) * 2002-05-31 2003-12-04 Neufeld E. David Method and apparatus for configuring security options in a computer system
US20030236983A1 (en) * 2002-06-21 2003-12-25 Mihm Thomas J. Secure data transfer in mobile terminals and methods therefor
US20040001101A1 (en) 2002-06-27 2004-01-01 Koninklijke Philips Electronics N.V. Active window switcher
US7146638B2 (en) 2002-06-27 2006-12-05 International Business Machines Corporation Firewall protocol providing additional information
US20030061087A1 (en) 2002-07-15 2003-03-27 Paul Srimuang Calendar scheduling of multiple persons resources and consumables with group access view restriction
US20040097217A1 (en) 2002-08-06 2004-05-20 Mcclain Fred System and method for providing authentication and authorization utilizing a personal wireless communication device
US20050213763A1 (en) 2002-08-19 2005-09-29 Owen Russell N System and method for secure control of resources of wireless mobile communication devices
US20120144196A1 (en) 2002-08-19 2012-06-07 Research In Motion Limited System and Method for Secure Control of Resources of Wireless Mobile Communication Devices
WO2004017592A8 (en) 2002-08-19 2004-04-22 Research In Motion Ltd System and method for secure control of resources of wireless mobile communication device
US20060149846A1 (en) 2002-10-11 2006-07-06 Marko Schuba Method for linking of devices
US20060156026A1 (en) 2002-10-25 2006-07-13 Daniil Utin Password encryption key
US20040083382A1 (en) * 2002-10-28 2004-04-29 Secure Computing Corporation Associative policy model
US20080132202A1 (en) 2002-11-08 2008-06-05 Kirkup Michael G System and method of connection control for wireless mobile communication devices
US7076239B2 (en) 2002-11-08 2006-07-11 Research In Motion Limited System and method of connection control for wireless mobile communication devices
CA2505343C (en) 2002-11-08 2010-06-22 Research In Motion Limited System and method of connection control for wireless mobile communication devices
US7330712B2 (en) 2002-11-08 2008-02-12 Research In Motion Limited System and method of connection control for wireless mobile communication devices
EP1563663B1 (en) 2002-11-08 2008-10-01 Research In Motion Limited System and method of connection control for wireless mobile communication devices
WO2004043031A1 (en) 2002-11-08 2004-05-21 Research In Motion Limited System and method of connection control for wireless mobile communication devices
US20060168395A1 (en) 2002-11-18 2006-07-27 Guoshun Deng Method of sending command and data to movable storage device
US20040100983A1 (en) * 2002-11-26 2004-05-27 Shinsuke Suzuki Packet forwarding equipment
US20110195698A1 (en) 2002-12-12 2011-08-11 Research In Motion Limited Methods And Apparatus For Providing Restrictions On Communications Of A Wireless Communication Device
US7793355B2 (en) * 2002-12-12 2010-09-07 Reasearch In Motion Limited System and method of owner control of electronic devices
US20040121802A1 (en) 2002-12-24 2004-06-24 Samsung Electronics Co., Ltd. Hybrid mobile terminal and method for automatically powering on/off mobile phone
US7765185B2 (en) 2003-01-13 2010-07-27 I2 Technologies Us, Inc. Enterprise solution framework incorporating a master data management system for centrally managing core reference data associated with an enterprise
US20040177073A1 (en) 2003-01-17 2004-09-09 Harry Snyder Executable application access management system
US20040209608A1 (en) * 2003-04-17 2004-10-21 Ntt Docomo, Inc. API system, method and computer program product for accessing content/security analysis functionality in a mobile communication framework
EP1471691A2 (en) 2003-04-22 2004-10-27 Samsung Electronics Co., Ltd. Device and method for hybrid wired and wireless communication
EP1624428A4 (en) 2003-05-14 2008-12-17 Jms Co Ltd Device for transmitting data via the internet
US20100325430A1 (en) 2003-09-18 2010-12-23 Karl Denninghoff Globally unique identification in communications protocols and databases
GB2408179B (en) 2003-09-29 2006-05-10 Symbian Software Ltd Multi-user mobile telephone
WO2005045550A2 (en) 2003-10-29 2005-05-19 Becrypt Limited Password recovery system and method
US20070254631A1 (en) 2003-11-06 2007-11-01 Intuwave Limited Secure Multi-Entity Access to Resources on Mobile Telephones
US20050164687A1 (en) * 2003-12-01 2005-07-28 Interdigital Technology Corporation Implementation of controls by use of customer programmable portal
US20050154935A1 (en) 2004-01-12 2005-07-14 Samsung Electronics Co., Ltd. Mobile terminal and method for auto-locking thereof
US7869789B2 (en) 2004-02-26 2011-01-11 Research In Motion Limited Computing device with environment aware features
US7574200B2 (en) 2004-02-26 2009-08-11 Research In Motion Limited Computing device with environment aware features
US7400878B2 (en) 2004-02-26 2008-07-15 Research In Motion Limited Computing device with environment aware features
US20050210270A1 (en) 2004-03-19 2005-09-22 Ceelox, Inc. Method for authenticating a user profile for providing user access to restricted information based upon biometric confirmation
US20060129848A1 (en) 2004-04-08 2006-06-15 Texas Instruments Incorporated Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor
US20050245272A1 (en) 2004-04-29 2005-11-03 Spaur Charles W Enabling interoperability between distributed devices using different communication link technologies
US8005469B2 (en) * 2004-04-30 2011-08-23 Research In Motion Limited System and method for handling data transfers
US20080125146A1 (en) 2004-04-30 2008-05-29 David Bainbridge Accurate Timing of Sms Messages
US7734284B2 (en) 2004-04-30 2010-06-08 Research In Motion Limited System and method for handling data transfers
US20120005723A1 (en) 2004-06-29 2012-01-05 Damaka, Inc. System and method for concurrent sessions in a peer-to-peer hybrid communications network
US7315750B2 (en) 2004-08-06 2008-01-01 Industrial Technology Research Institute Method and system for selecting an access network in a heterogeneous network environment
US20060059556A1 (en) 2004-09-10 2006-03-16 Royer Barry L System for managing inactivity in concurrently operating executable applications
US20060090136A1 (en) 2004-10-01 2006-04-27 Microsoft Corporation Methods and apparatus for implementing a virtualized computer system
US20060129948A1 (en) 2004-12-14 2006-06-15 Hamzy Mark J Method, system and program product for a window level security screen-saver
US20060168259A1 (en) 2005-01-27 2006-07-27 Iknowware, Lp System and method for accessing data via Internet, wireless PDA, smartphone, text to voice and voice to text
US20060206931A1 (en) 2005-03-14 2006-09-14 Microsoft Corporation Access control policy engine controlling access to resource based on any of multiple received types of security tokens
US20060212589A1 (en) 2005-03-18 2006-09-21 Sap Aktiengesellschaft Session manager for web-based applications
US20110126214A1 (en) 2005-03-21 2011-05-26 O'farrell Robert Data Management for Mobile Data System
US7751331B1 (en) 2005-05-09 2010-07-06 Cisco Technology, Inc. Technique for policy conflict resolution using priority with variance
WO2006130807A3 (en) 2005-06-01 2007-05-24 Qualcomm Inc Selecting data interfaces in a multi-homing, multi-mode communication device
US20070019643A1 (en) 2005-07-14 2007-01-25 Interdigital Technology Corporation Wireless communication system and method of implementing an evolved system attachment procedure
US7921452B2 (en) 2005-08-23 2011-04-05 The Boeing Company Defining consistent access control policies
US20070050854A1 (en) 2005-09-01 2007-03-01 Microsoft Corporation Resource based dynamic security authorization
US20070073694A1 (en) 2005-09-26 2007-03-29 Jerome Picault Method and apparatus of determining access rights to content items
US20120278863A1 (en) 2005-09-30 2012-11-01 Apple Computer, Inc. Ad-hoc user account creation
US20070156766A1 (en) 2006-01-03 2007-07-05 Khanh Hoang Relationship data management
US20070204153A1 (en) 2006-01-04 2007-08-30 Tome Agustin J Trusted host platform
US20070204166A1 (en) 2006-01-04 2007-08-30 Tome Agustin J Trusted host platform
EP1806674A3 (en) 2006-01-09 2007-12-12 Sun Microsystems, Inc. Method and apparatus for protection domain based security
US20100024016A1 (en) 2006-01-09 2010-01-28 Thierry Violleau Method and apparatus for protection domain based security
US7721087B1 (en) 2006-03-24 2010-05-18 Symantec Corporation Cross UI platform alerting of security status
US8074078B2 (en) 2006-05-15 2011-12-06 Research In Motion Limited System and method for remote reset of password and encryption key
US20070277127A1 (en) 2006-05-24 2007-11-29 Carlson Michael P Screensaver for individual application programs
US20080002726A1 (en) 2006-06-30 2008-01-03 Yieh-Ran Haung Multimedia-messaging-service (MMS) system and the service method thereof
US20080134347A1 (en) 2006-08-09 2008-06-05 Vaultus Mobile Technologies, Inc. System for providing mobile data security
US20080130524A1 (en) 2006-08-23 2008-06-05 Neustar, Inc. System and method for user account portability across communication systems
CN101523878A (en) 2006-09-28 2009-09-02 日本电气株式会社 Mobile terminal device, key operation lock method in the mobile terminal device, and program
US20080081609A1 (en) 2006-09-29 2008-04-03 Motorola, Inc. Method and system for associating a user profile to a sim card
US20080098237A1 (en) 2006-10-20 2008-04-24 Dung Trung T Secure e-mail services system and methods implementing inversion of security control
US20080222711A1 (en) 2007-02-23 2008-09-11 Oliver Michaelis Method and Apparatus to Create Trust Domains Based on Proximity
US20100325221A1 (en) 2007-02-23 2010-12-23 Francis Cohen Method for inserting multimedia content into a computer communication by instant messaging
US20080235041A1 (en) 2007-03-21 2008-09-25 Cashdollar Jeffrey J Enterprise data management
US20090070181A1 (en) 2007-05-02 2009-03-12 Loeffen Karin M Method and system for an online reservation system for services selectable from multiple categories
GB2440015B (en) 2007-05-18 2008-07-09 Cvon Innovations Ltd Allocation system and method
WO2009012329A2 (en) 2007-07-16 2009-01-22 Qualcomm Incorporated Method for supporting multiple diversified data applications with efficient use of network resources
WO2009014975A1 (en) 2007-07-20 2009-01-29 Check Point Software Technologies, Inc. System and methods providing secure workspace sessions
WO2009021200A1 (en) 2007-08-08 2009-02-12 Innopath Software, Inc. Managing and enforcing policies on mobile devices
US20090181662A1 (en) 2007-09-01 2009-07-16 David Fleischman Postponed Carrier Configuration
US20090094668A1 (en) 2007-10-08 2009-04-09 International Business Machines Corporation Email privacy system and method
US20090178107A1 (en) 2008-01-09 2009-07-09 International Business Machines Corporation Access control policy conversion
US8208900B2 (en) 2008-03-04 2012-06-26 Apple Inc. Secure device configuration profiles
US20090254753A1 (en) 2008-03-04 2009-10-08 Apple Inc. System and method of authorizing execution of software code based on accessible entitlements
US20090260052A1 (en) 2008-04-11 2009-10-15 Microsoft Corporation Inter-Process Message Security
US20100024020A1 (en) 2008-07-22 2010-01-28 Ernest Samuel Baugher Wireless mobile device with privacy groups that independently control access to resident application programs
US20100081417A1 (en) 2008-09-30 2010-04-01 Thomas William Hickie System and Method for Secure Management of Mobile User Access to Enterprise Network Resources
US20100088753A1 (en) 2008-10-03 2010-04-08 Microsoft Corporation Identity and authentication system using aliases
US20100107215A1 (en) 2008-10-28 2010-04-29 Yahoo! Inc. Scalable firewall policy management platform
US20100184440A1 (en) 2009-01-22 2010-07-22 Microsoft Corporation Mobile device network selection
US20100222097A1 (en) 2009-02-27 2010-09-02 Research In Motion Limited System and Method for Security on a Mobile Device using Multiple Communication Domains
US20100278162A1 (en) 2009-04-30 2010-11-04 Research In Mothion Limited Method of maintaining data collections in a mobile communication device
US20100281487A1 (en) 2009-05-03 2010-11-04 Research In Motion Limited Systems and methods for mobility server administration
US20100299376A1 (en) 2009-05-20 2010-11-25 Mobile Iron, Inc. Selective Management of Mobile Devices in an Enterprise Environment
US20100299394A1 (en) 2009-05-20 2010-11-25 International Business Machines Corporation User-configured alternate email rendering
US20100319053A1 (en) 2009-06-12 2010-12-16 Apple Inc. Devices with profile-based operating mode controls
US20120291140A1 (en) 2009-06-26 2012-11-15 Arnaud Robert Method and System for Allocating Access to Digital Media Content
US20110010699A1 (en) 2009-07-09 2011-01-13 Simon Cooper Methods and Systems for Upgrade and Synchronization of Securely Installed Applications on a Computing Device
US7886053B1 (en) 2009-09-15 2011-02-08 Symantec Corporation Self-management of access control policy
US20110082808A1 (en) 2009-10-01 2011-04-07 Blackboard Inc. Mobile integration of user-specific institutional content
US20110145833A1 (en) 2009-12-15 2011-06-16 At&T Mobility Ii Llc Multiple Mode Mobile Device
EP2337300B1 (en) 2009-12-21 2014-01-22 BlackBerry Limited Method of Securely Transferring Services Between Mobile Devices
US20110179083A1 (en) 2010-01-15 2011-07-21 Galloway Curtis C Accessing Specialized Fileserver
US20110210171A1 (en) 2010-02-26 2011-09-01 Research In Motion Limited Methods and devices for transmitting and receiving data used to activate a device to operate with a server
US20110252240A1 (en) 2010-04-07 2011-10-13 Gordie Freedman Mobile Device Management
US20110314467A1 (en) 2010-06-18 2011-12-22 At&T Intellectual Property I, L.P. Mobile Devices Having Plurality of Virtual Interfaces
US20120023573A1 (en) 2010-07-23 2012-01-26 Jianxiong Jason Shi Method, apparatus and system for access mode control of a device
US20120054853A1 (en) 2010-08-24 2012-03-01 International Business Machines Corporation Systems and methods to control device endpoint behavior using personae and policies
US20120079586A1 (en) 2010-09-24 2012-03-29 Research In Motion Limited Method and apparatus for differentiated access control
US20120079609A1 (en) 2010-09-24 2012-03-29 Research In Motion Limited Method for establishing a plurality of modes of operation on a mobile device
WO2012037658A1 (en) 2010-09-24 2012-03-29 Research In Motion Limited Method and apparatus for differentiated access control
US20120079110A1 (en) 2010-09-24 2012-03-29 Research In Motion Limited Method and apparatus for differentiated access control
WO2012037656A1 (en) 2010-09-24 2012-03-29 Research In Motion Limited Method for establishing a plurality of modes of operation on a mobile device
WO2012037657A3 (en) 2010-09-24 2012-06-21 Research In Motion Limited Method and apparatus for differentiated access control
US20120109826A1 (en) 2010-10-28 2012-05-03 Ncr Corporation Techniques for conducting single or limited use purchases via a mobile device
WO2012109497A1 (en) 2011-02-09 2012-08-16 Epals, Inc. Access control system and method
US20120214503A1 (en) 2011-02-18 2012-08-23 Qualcomm Innovation Center, Inc. Device, Method, and System for Receiving Content on a Mobile Computing Device
US20120214442A1 (en) 2011-02-21 2012-08-23 Crawford Carmela R Systems, methods and apparatus for controlling access to mobile devices
US20120278904A1 (en) 2011-04-26 2012-11-01 Microsoft Corporation Content distribution regulation by viewing user
US20120309344A1 (en) 2011-06-01 2012-12-06 Research In Motion Limited Using Multiple User Accounts on a Mobile Device
US20130097657A1 (en) 2011-10-17 2013-04-18 Daniel Cardamore Dynamically Generating Perimeters

Non-Patent Citations (105)

* Cited by examiner, † Cited by third party
Title
"A Technical Overview of the Lucent VPN Firewall" White Paper Lucent Technologies, XX, XX, Aug. 2002, pp. 1-35, XP002271173, Chapter 1.
"Customizing User Interaction in Smart Phones", Pervasive Computing, IEEE CS (2006) pp. 81-90 (URL: http://www.idi. ntnu.no/grupperlsu/bibliography/pdf/2006/Korpipaa2006pc.pdf).
"Owen, Russell N., U.S. Appl. No. 13/371,093, filed Feb. 10, 2012; Title: System and Method for Secure Control of Resources of Wireless Mobile Communication Devices Secure Control of Resources of Wireless Mobile Communication Device".
"Supporting Mobile Privacy and Security through Sensor-Based Context Detection"", Julian Seifert, Second International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use, May 17, 2010, Finland (U RL: http://www.medien.ifi.lmu.de/iwssi201 0/papers/iwssi-spmu201 O-seifert.pdf)".
"Using context-profiling to aid access control decisions in mobile devices"", Gupta et al., Nokia Research Center (URL: http://www.cerias.purdue.edu/assets/symposium/2011-posters1372-C48.pdf) Please refer to the I-page file named 372-C48.pdf".
Advisory Action issued in U.S. Appl. No. 11/118,791 on Jun. 26, 2009; 8 pages.
Basic Access Authentication (Jan. 23, 2010): http://en.wikipedia.org/wiki/Basic-access-authentication.
Bender, Christopher Lyle; U.S. Appl. No. 13/074,136, filed Mar. 29, 2011; Title: Data Source Based Application Sandboxing.
Certificate of Grant of Patent. Hong Kong Patent No. 1080315. Dated: Apr. 24, 2009.
Certificate of Grant of Patent. Singapore Patent No. 112419. Dated: Apr. 30, 2007.
Communication Pursuant to Article 94(3) EPC issued in European Application No. 05738877.9 on Jan. 15, 2008; 4 pages.
Communication Pursuant to Article 94(3) EPC issued in European Application No. 05738877.9 on Jul. 15, 2009; 4 pages.
Communication Pursuant to Article 94(3) EPC issued in European Application No. 11188696.6 on Jul. 9, 2013; 4 pages.
Communication under Rule 71(3) EPC issued in European Application No. 05738877.9 on Sep. 17, 2010; 41 pages.
Cross-site request forgery (Nov. 30, 2008): http://en.wikipedia.org/wiki/Cross-site-request-forgery.
Digital Access Authentication (Dec. 23, 2009): http://en.wikipedia.org/wiki/Digest-access-authentication.
EP Application No. 12155659.1, Extended European Search Report dated Jan. 8, 2012.
European Search Report of Appln. No. 04256690.1-2412, date of mailing Apr. 6, 2005-9 pgs.
European Supplementary Search Report dated Sep. 13, 2007 for European Patent Application No. 05738877.9.
European Supplementary Search Report issued in European Application No. 05738877.9 on Sep. 13, 2007; 3 pages.
Examiner's First Report issued in Australian Application No. 2005239005 on Oct. 15, 2007; 2 pages.
Examiner's First Report issued in Australian Application No. 2009202857 on Nov. 5, 2010; 3 pages.
Examiner's Report No. 2 issued in Australian Application No. 2005239005 on Jul. 15, 2009; 2 pages.
Extended European Search Report issued in European Application No. 11186796.6 on Jan. 18, 2012; 8 pages.
Extended European Search Report issued in European Application No. 11186802.2 on Jan. 18, 2012; 7 pages.
Extended European Search Report issued in European Application No. 11188696.6 on Apr. 12, 2012; 7 pages.
Extended European Search Report issued in European Application No. 12173030.3 on Nov. 22, 2012; 6 pages.
Extended European Search Report issued in European Application No. 12189773.0 on Mar. 7, 2013; 8 pages.
Extended European Search Report issued in European Application No. 12189805.0 on Apr. 16, 2013; 6 pages.
Extended European Search Report mailed Jul. 13, 2012, in corresponding European patent application No. 12153439.0.
Ferguson et al., U.S. Appl. No. 13/293,743, "Managing Cross Perimeter Access," filed Nov. 10, 2011.
First Examination Report issued in Indian Application No. 6068/DELNP/2006 on Jun. 3, 2010; 2 pages.
First Office Action issued in Chinese Application No. 200580013730.4 on Mar. 27, 2009; 9 pages.
Fourth Office Action. Chinese Application No. 200380105435.2. Dated: Aug. 3, 2011.
Google Inc.; Android 2.3.4 User's Guide; May 20, 2011; 384 pages.
International Application No. PCT/CA 03101245, International Search Report dated Dec. 23, 2003.
International Application No. PCT/CA 03101245, PCT International Preliminary Examination Report, dated Nov. 29, 2004.
International Application No. PCT/CA 03101245, PCT Written Opinion, dated Apr. 23, 2004.
International Application No. PCT/CA 03101245, PCT Written Opinion, dated Sep. 20, 2004.
International Preliminary Report on Patentability issued in International Application No. PCT/CA2011/050707 on May 30, 2013; 4 pages.
International Preliminary Report on Patentability under Chapter I issued in International Application No. PCT/CA2005/000652 on Nov. 9, 2006; 6 pages.
International Search Report and Written Opinion issued in International Application No. PCT/CA2011/001058 on Dec. 21, 2011; 9 pages.
International Search Report and Written Opinion issued in International Application No. PCT/CA2012/050797 on Feb. 5, 2013; 8 pages.
International Search Report and Written Opinion of the International Searching Authority issued in International Application No. PCT/CA2011/050707 on Jan. 18, 2012; 7 pages.
International Search Report and Written Opinion of the International Searching Authority issued in International Application No. PCT/CA2012/050796 on Feb. 21, 2013; 13 pages.
International Search Report issued in International Application No. PCT/CA2005/000652 on Aug. 17, 2005; 9 pages.
International Search Report of Application No. PCT/CA2005/000652, date of mailing Aug. 17, 2005.
Int'l Search Report and the Written Opinion of the Int'l Searching Authority, or the Declaration of Appln. Serial No. PCT/CA2004/000250 of 02120/2004-12 pgs.
Int'l Search Report or the Declaration of Appln. Serial No. PCT/CA03/01679 of 10131/2003-6 pgs.
Introduction to using IRM for e-mail messages; Support/Outlook/Outlook 2007 Help and How-to. http://office.microsoft.com/en-us/outlook-help/introduction-to-using-irm-for-e-mail-message-HA010100366.aspx?CTT=5&or . . . , pp. 1-6, retrieved on Feb. 12, 2010.
Japanese Notice of Reasons for Rejection for Rejection mailed on Jun. 15, 2009 for Japanese Patent Application No. 2007-209840.
Microsoft Corp.; Microsoft Outlook 2010; Released Jul. 15, 2010; 27 pages.
Microsoft Office: Microsoft Outlook 2010 Product Guide; Microsoft Corp. 2010; published in 2010; 65 pages.
Notice of Allowance issued in Chinese Application No. 200580013730.4 on Jul. 28, 2011; 4 pages.
Notice of Allowance issued in Japanese Application No. 2007-509840 on Jan. 25, 2010; 3 pages.
Notice of Allowance issued in U.S. Appl. No. 11/118,791 on Jan. 20, 2010; 4 pages.
Notice of Allowance issued in U.S. Appl. No. 12/795,252 on Apr. 14, 2011; 4 pages.
Notice of Allowance issued in U.S. Appl. No. 12/795,252 on Dec. 17, 2010; 4 pages.
Notice Of Allowance. Canadian Application No. 2,505,343. Dated: Sep. 15, 2009.
Notice of Decision for Patent issued in Korean Application No. 10-2006-7025081 on Aug. 7, 2009; 3 pages.
Notice of Decision of Final Rejection issued Korean Application No. 10-2006-7025081 on Jun. 18, 2008.
Notice of Reasons for Rejection issued in Japanese Application No. 2007-509840 on Jun. 15, 2009; 5 pages.
Notice Requesting Submission of Opinion issued in Korean Application No. 10-2006-7025081 on Nov. 16, 2007; 10 pages.
Office Action issued in Canadian Application No. 2,564,914 on Apr. 4, 2011; 2 pages.
Office Action issued in Canadian Application No. 2,564,914 on May 3, 2010; 4 pages.
Office Action issued in Canadian Application No. 2,769,646 on Jun. 5, 2012; 3 pages.
Office Action issued in Canadian Application No. 2,769,646 on Oct. 22, 2012; 2 pages.
Office Action issued in U.S. Appl. No. 10/524,353 on Sep. 21, 2012; 16 pages.
Office Action issued in U.S. Appl. No. 10/524,353 on Sep. 21,2012.
Office Action issued in U.S. Appl. No. 11/118,791 on Apr. 8, 2009; 14 pages.
Office Action issued in U.S. Appl. No. 11/118,791 on Jan. 27, 2009; 16 pages.
Office Action issued in U.S. Appl. No. 11/118,791 on Mar. 30, 2007; 12 pages.
Office Action issued in U.S. Appl. No. 11/118,791 on May 20, 2008; 13 pages.
Office Action issued in U.S. Appl. No. 11/118,791 on Nov. 28, 2007; 12 pages.
Office Action issued in U.S. Appl. No. 11/118,791 on Sep. 25, 2006; 11 pages.
Office Action issued in U.S. Appl. No. 12/795,252 on Aug. 6, 2010; 6 pages.
Office Action issued in U.S. Appl. No. 13/098,456 on Apr. 17, 2013; 31 pages.
Office Action issued in U.S. Appl. No. 13/098,456 on Sep. 13, 2012; 20 pages.
Office Action issued in U.S. Appl. No. 13/098,456 on Sep. 27, 2013; 28 pages.
Office Action issued in U.S. Appl. No. 13/25,097 on Feb. 28, 2013; 18 pages.
Office Action issued in U.S. Appl. No. 13/25,097 on Sep. 10, 2013; 21 pages.
Office Action issued in U.S. Appl. No. 13/274,913 on Jan. 23, 2013; 22 pages.
Office Action issued in U.S. Appl. No. 13/274,913 on Jul. 16, 2013.
Office Action issued in U.S. Appl. No. 13/293,743 on Feb. 14, 2013; 15 pages.
Office Action issued in U.S. Appl. No. 13/293,743 on Sep. 20, 2013; 19 pages.
Office Action issued in U.S. Appl. No. 13/398,676 on Sep. 5, 2012; 21 pages.
Office Action issued in U.S. Appl. No. 13/659,527 on May 23, 2013; 8 pages.
Office Action issued in U.S. Appl. No. 13/722,213 on May 22, 2013; 8 pages.
Owen, Russell N., U.S. Appl. No. 10/524,353, filed Aug. 19, 2003; Title: System and Method for Secure Control of Resources of Wireless Mobile Communication Devices.
Owen, Russell N., U.S. Appl. No. 10/524,353, filed Feb 14, 2005; Title: System and Method for Secure Control of Resources of Wireless Mobile Communication Device.
Patent Certificate. Indian Patent Application No. 1956/DELNP/2005. Dated: Oct. 31, 2003.
Red Hat: "Red Hat Linux 7.2-The Official Red Had Linux Reference Guide" Red Hat Linux Manuals, Online!, Oct. 22, 2001, XP002276029, pp. 145-155.
Research In Motion, "BlackBerry Bridge App 2.1 and Blackberry PlayBook Tablet 2.1, Security Technical Overview"; Version: 2.1; Jul. 17, 2012; 43 pages.
Research In Motion, "BlackBerry Device Sercvice 6.1 and BlackBerry PlayBook Tablet 2.1, Security Technical Overview"; Version: 6.1; Sep. 17, 2012; 90 pages.
Second Office Action issued in Chinese Application No. 200580013730.4 on Dec. 12, 2010; 10 pages.
Send an e-mail message with restricted permission by using IRM; Support/Outlook/Outlook 2007 Help and How to. http://office.mircosoft.com/en-us/outlook-help/send-an-e-mail-message-with-restricted-permission-by-using-irm-HA01024780 . . . , pp. 1-4, retrieved on Feb. 12, 2010.
Singh, Anish, Australian Patent Office, Australian Application No. 20090202857, filed Apr. 29, 2005, in Examiner's First Report, mailed Nov. 5, 2010, 3 pages.
Smartphone Security Beyond Lock and Wipe (Jun. 10, 2010): http://www.enterprisemobiletoday.com/article. php/3887006.
Sygate: "Sygate Personal Firewall Pro User Guide" Sygate Personal Firewall Pro User Guide version 2.02001, pp. 1-77, XP002248366.
Third Office Action issued in Chinese Application No. 200580013730.4 on Mar. 8, 2011; 10 pages.
Trial Decision issued in Korean Application No. 10-2006-7025081 on Jul. 27, 2009; 10 pages.
View messages with restricted permission sent by using IRM; Support/Outlook/Outlook 2007 Help and How-to. http://office.mircosoft.com/en-us/outlook-help/view-messages-with-restricted-permission-sent-by-using-irm-HA010246115.as . . . , pp. 1-2, retrieved on Feb. 12, 2010.
Windows 7 Product Guide; Microsoft Corp. 2009; published in 2009; 140 pages.
XP002167366; Chen, Zhigun; "Java Card Technology for Smart Cards: Architecture and Programmer's Guide"; "Applet Firewall and Object Sharing;" Internet citation; Jun. 2, 2000; .
XP002167366; Chen, Zhigun; "Java Card Technology for Smart Cards: Architecture and Programmer's Guide"; "Applet Firewall and Object Sharing;" Internet citation; Jun. 2, 2000; <http://developer.java.sun.com/developer/Books/consumerproducts/javacard/ch09.pdf>.

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9690560B2 (en) 2013-03-15 2017-06-27 Google Technology Holdings LLC System and method for transferring software applications and data between two mobile devices with different operating systems
US20150087288A1 (en) * 2013-09-24 2015-03-26 Motorola Mobility Llc System and method for transferring software applications and data between two mobile devices with different operating systems
US9369823B2 (en) * 2013-09-24 2016-06-14 Google Technology Holdings LLC System and method for transferring software applications and data between two mobile devices with different operating systems
US11323447B2 (en) * 2019-07-09 2022-05-03 Hexagon Technology Center Gmbh Digital data access control and automated synthesization of capabilities
US11706223B2 (en) 2019-07-09 2023-07-18 Hexagon Technology Center Gmbh Digital data access control and automated synthesization of capabilities

Also Published As

Publication number Publication date
US7734284B2 (en) 2010-06-08
DE602005026643D1 (en) 2011-04-14
USRE49721E1 (en) 2023-11-07
CN1951060B (en) 2011-11-30
US20100242086A1 (en) 2010-09-23
EP1741225A4 (en) 2007-10-17
KR100926804B1 (en) 2009-11-12
KR20070007198A (en) 2007-01-12
US8005469B2 (en) 2011-08-23
WO2005107144A1 (en) 2005-11-10
CN102355466B (en) 2016-01-20
USRE46083E1 (en) 2016-07-26
JP2007535247A (en) 2007-11-29
EP1741225B1 (en) 2011-03-02
US20050255838A1 (en) 2005-11-17
HK1167532A1 (en) 2012-11-30
AU2005239005A1 (en) 2005-11-10
JP4465387B2 (en) 2010-05-19
AU2009202857A1 (en) 2009-08-06
EP1741225A1 (en) 2007-01-10
HK1099864A1 (en) 2007-08-24
USRE48679E1 (en) 2021-08-10
BRPI0510378A (en) 2007-11-06
CA2564914A1 (en) 2005-11-10
CA2564914C (en) 2016-09-20
AU2009202857B2 (en) 2012-03-08
BRPI0510378B1 (en) 2018-12-11
CN102355466A (en) 2012-02-15
ATE500698T1 (en) 2011-03-15
CN1951060A (en) 2007-04-18

Similar Documents

Publication Publication Date Title
USRE49721E1 (en) System and method for handling data transfers
US10484870B2 (en) System and method for handling peripheral connections to mobile devices
US7707639B2 (en) System and method for handling restoration operations on mobile devices
US8010989B2 (en) System and method for configuring devices for secure operations
US7992216B2 (en) Message service indication system and method
US7104445B2 (en) Content protection ticket system and method
US20050154876A1 (en) System and method for securing wireless data
AU2012203391B2 (en) System and method for handling data transfers

Legal Events

Date Code Title Description
FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: BLACKBERRY LIMITED, ONTARIO

Free format text: CHANGE OF NAME;ASSIGNOR:RESEARCH IN MOTION LIMITED;REEL/FRAME:037856/0713

Effective date: 20130709

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12